The London-based health insurer Bupa Global is warning their policyholders that about 108,000 policies were exposed in a data breach that exposed the names, dates of birth, nationalities as well as other contact and administrative data of some 547,000 of their 1.4 million insured.
“We recently discovered an employee had taken some customer information from one of our systems,” Sheldon Kenton, managing director of Bupa Global, stated in the data breach notification posted online to customers and interested parties. The notice continues: “The information that has been taken does not include any financial or medical information.”
Data from the breach had become available on a dark web marketplace which has since become defunct, known as AlphaBay. Presumably, the data was listed by the employee who stole the data.