The Bupa employee responsible for copying and removing data relating to 547,000 customers from the organization’s systems has been fired.
Yesterday, Bupa, the international healthcare group with a presence in 190 countries, revealed that it had been stung by a data breach after an employee inappropriately copied and removed information from one of the company’s systems.
At the time, Bupa told Infosecurity Magainze that this had affected 108,000 international health insurance customers – but this figure was actually the number of policy holders. The number of overall customers affected is much higher – 547,000 – which makes up a more than a third of all of its 1.4 million international health insurance customers. The company has 16.5 million health insurance customers in total.
Meanwhile, the company has also moved to dispel rumors that up to one million records have been compromised.
Databreaches.net was behind a report which claimed that a listing appeared on the now-gone Alpha Bay marketplace by a vendor calling himself or herself ‘MoZeal’.
It also said that MoZeal’s listing indicated that there were over 130,000 customer details from the UK alone, and up to one million records in total.
In a reply to a potential buyer about pricing MoZeal allegedly responded by saying:
“Thanks for your inquiry bro, but before i start talking about pricing i would just like to clarify that this medical database is the only unique db if not only one on the entire dark web market with over 1 million entries and over 122 countries as a whole not to mention its come straight from one of the world class health insurance companies. so you can imagine the information is very sensitive but also exclusive.”
Bupa said that it was aware of a report that suggested a former employee claimed to have one million records for sale, but said the disparity between the numbers claimed and those actually taken, relates to duplicate copies of some records.