View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Bupa suffers major data breach as disgruntled employee steals data

An employee walked off with data pertaining to 108,000 health insurance policies.

By Ellie Burns

Bupa, the UK private healthcare giant, has fallen victim to a rouge employee who inappropriately copied and removed some customer information from the company.

The data breach has affected around 108,000 health insurance policies, with the data stolen including names, dates of birth, nationalities, and insurance membership numbers.

In a statement, Bupa said: “This was not a cyber attack or external data breach, but a deliberate act by an employee.

“We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.”

It seems that Bupa has fallen foul of what many would argue is the weakest link in security – people. The insider threat poses a multitude of threats and is hard to lock down, as explained by Tripwire’s Paul Edon:

“Despite many of us being trustworthy, there are some, insiders, that break and damage that trust. The worst thing is, anyone in the company could be an insider and it is very difficult to vet everyone who has access to the various networks and sensitive data.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

According to the Verizon BBIR 2017 report, one out of four data breaches are the work of insiders, with healthcare fairing even worse – a significant two out of three data breaches are the work of an employee of third-party.

READ MORE: Verizon Data Breach: Everything you need to know about the major cloud leak

Insiders have the legitimate access and opportunity to wreak havoc on a company, especially if said employee is disgruntled and wanting to inflict real damage.

“To mitigate the risk, organisations should ask themselves where their sensitive data lies and invest in protecting it,” advised Imperva’s Itsik Mantin.

Businesses can employ solutions, especially those based on machine learning technology that can process and analyse vast amounts of data, to help them pinpoint critical anomalies that indicate misuse of enterprise data and that also help them to quickly quarantine risky users to prevent and contain data breaches proactively.”

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU