Bupa fined after personal data of 500,000 customers offered for sale on dark web
Details including names, dates of birth, email addresses and nationality accessed by employee who then attempted to sell them
Insurance company Bupa has been fined £175,000 after an employee offered personal data of 547,000 customers for sale on the dark web.
The Information Commissioner’s Office (ICO) fined the insurer for failing to have effective security measures in place to protect customers’ personal information.
The employee accessed the information between 6 January and 11 March 2017 via Bupa’s customer relationship management system, which holds customer records relating to 1.5 million people.
The employee sent bulk data reports, including names, dates of birth, email addresses and nationality, to his personal email account before the data was put up for sale online.
ICO director of investigations, Steve Eckersley, said: “Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it.”
An investigation revealed “systemic inadequacies” in Bupa’s safeguarding of personal data and showed that these failures had “gone unchecked for a long time,” Mr Eckersley added. Failing to keep personal data secure is a breach of the Data Protection Act 1998.
Bupa was alerted to the breach on 16 June 2017 by an external partner who spotted customer data for sale.
Bupa and the ICO received 198 complaints about the incident. The rogue employee was dismissed and Sussex Police issued a warrant for his arrest.
A spokesperson for Bupa Global said: “We accept this decision by the ICO and have co-operated fully with its investigation.
“We take our responsibility for protecting customer information very seriously.
“We have since introduced additional security measures to help prevent the recurrence of such an incident, reinforced our internal controls and increased our customer checks.”
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies