Private healthcare group BUPA suffered a data breach this week where someone managed to run off with sensitive customer information.
But unlike many data breaches that have occurred over the last few years (e.g. Yahoo, Sony) this breach did not occur from over the Internet.
Rather it was a [presumably] disgruntled employee who – according to BUPA Global Managing Director Sheldon Kenton – “inappropriately copied and removed some customer information“. The employee was promptly dismissed, according to the healthcare group.
This information includes customer details such as email, phone number and BUPA membership number. However no financial or medical information was disclosed.
The letter many BUPA customers received.
According to BUPA, those with local domestic insurance should not be affected. However those with international private healthcare insurance and with policy numbers beginning with BI may have had their information stolen.
BUPA warned affected customers about the breach and explained that crooks with the stolen data may try to contact them pretending to be from BUPA in order to scam them.
It goes to show that no matter how much focus you spend on securing your data breaches that may originate from cyberspace, you could still suffer a data breach from the inside.
