Bupa suffers major data breach as disgruntled employee steals data

Bupa, the UK private healthcare giant, has fallen victim to a rouge employee who inappropriately copied and removed some customer information from the company.

The data breach has affected around 108,000 health insurance policies, with the data stolen including names, dates of birth, nationalities, and insurance membership numbers.

In a statement, Bupa said: “This was not a cyber attack or external data breach, but a deliberate act by an employee.

“We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.”

It seems that Bupa has fallen foul of what many would argue is the weakest link in security – people. The insider threat poses a multitude of threats and is hard to lock down, as explained by Tripwire’s Paul Edon:

“Despite many of us being trustworthy, there are some, insiders, that break and damage that trust. The worst thing is, anyone in the company could be an insider and it is very difficult to vet everyone who has access to the various networks and sensitive data.”

According to the Verizon BBIR 2017 report, one out of four data breaches are the work of insiders, with healthcare fairing even worse – a significant two out of three data breaches are the work of an employee of third-party.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

READ MORE: Verizon Data Breach: Everything you need to know about the major cloud leak

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing