Use Bupa? Beware new scams
Bupa customers have been warned about potential scams after the company admitted that an ex-employee stole personal data relating to 108,000 insurance policies.
It affects 547,000 customers signed up to Bupa’s international health insurance plan, whose policy numbers begin with ‘Bl’. Around 43,000 of these have a British address. Customers with domestic policies aren’t affected.
The company said no medical or financial information is at risk, but that names, email addresses, phone numbers, dates of birth, nationalities and membership details have been given to “other parties”.
The company didn’t say who these might be, but security blogger Graham Cluley said fraudsters could use the data to launch a wave of scams: “It’s easy to imagine how someone vulnerable could get a phone call out of the blue, believe it’s Bupa, and give the criminals valuable information”.
Cluley added that the theft highlights the risk of “rotten apples” stealing data within companies.
Writing on Bupa’s website ( www.snipca.com/25008), Sheldon Kenton, Managing Director of Bupa Global, apologised for the breach, and said it had “introduced additional security measures and increased our customer identity checks”.
Kenton said Bupa is taking legal action against the former employee. A spokeswoman added that it discovered the breach in June and has been in touch with the police and UK data watchdog the Information Commissioner’s Office (ICO). It is contacting all customers affected.