Saturday, 5 August 2017

Former Bupa employee offered 1 million customer records for sale on dark web

Current advancements to the internet and all of its capacities bring about a sense of urgency when it comes to safeguarding online security, especially in situations where crucial information can be stolen and exploited.

A Bupa employee managed to copy and steal data regarding more than 108,000 customers, then exposing a majority of that information on the dark web. Data Breaches found the breach on the dark web on June 23, posted by a vendor called MoZeal. The listing contained insurance information from 122 countries and included information like member and registration IDs, names, birthdates, all contact information and information about intermediaries.



It would appear that “MoZeal” is likely the rogue employee that Kenton referred to in his videotaped statement. Also of note: while Bupa reports that 108,000 were affected, MoZeal’s listing and thread indicated that there were over 130,000 in the U.K. alone, and that overall there were about 500,000 – 1 million records for sale.

Bupa has reportedly taken legal action, so this post will be updated as more information becomes available. The breach has had an intense effect primarily on the international health insurance industry as a whole.

Bupa responded to the reported discrepancy between their numbers and the AlphaBay vendor’s claims with a statement to Insurance Business reconciling some of the differences by noting that they referred to “policies” while the vendor referred to number of individuals. Ever since the breach was spotted, the company has already taken the necessary measures to notify each and every customer whose information has been stolen.

Company representatives also say the security of customer information has been made a paramount priority by the health insurer to prevent such breaches in the future. The employee responsible for the breach has already been terminated from his position, and Bupa is also pursuing legal action against the employee.

This attack is the latest in a series of data breaches taking place this year. There have been several such hacks so far that deliberately target entities in the health sector, and the number continues to increase with each passing period of time.

No comments: