Connect with us


Bupa fined after employee puts details of half a million customers up for sale on dark web



Bupa has been fined £175,000 after an employee stole details of more than half a million customers and put them up for sale on the dark web.

The employee from the UK-based healthcare group stole the information of 547,000 customers and offered it for sale online, said the Information Commissioner’s Office (ICO).

The data included names, dates of birth, email addresses and nationality, and came from a system holding records on 1.5 million people.

“Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it,” said Steve Eckersley, the ICO’s director of investigations.

“Our investigation found material inadequacies in the way Bupa safeguarded personal data.

“The inadequacies were systemic and appear to have gone unchecked for a long time. On top of that, the ICO’s investigation found no satisfactory explanation for them.”

It is unclear whether the information was successfully sold.

Following a cyber attack in October 2015, the ICO fined TalkTalk a record £400,000 after 15,656 individuals’ bank account details and sort codes were stolen due to lax security.

Bupa and the ICO received 198 complaints about the incident and the rogue employee was sacked.

Sussex Police also issued a warrant for his arrest.

A spokesperson for Bupa told Sky News: “We accept this decision by the ICO and have cooperated fully with its investigation. We take our responsibility for protecting customer information very seriously.

“We have since introduced additional security measures to help prevent the recurrence of such an incident, reinforced our internal controls and increased our customer checks.”

Continue Reading
Advertisement Find your dream job