A rogue employee at health insurer Bupa has been accused of stealing customer data and trying to sell the information to criminals.
The company has admitted the breach - in contrast to, for example, the denial shown by the AA last week - and warned customers accordingly.
Independent security specialist Graham Cluley shared a copy of the letter that Bupa has sent out to customers of its health insurance offerings, warning them of the breach.
Uh oh. BUPA is warning some customers that a rogue employee snuck off with data, and shared it with others... https://t.co/26hxsv6GMK— Graham Cluley (@gcluley) July 12, 2017
The purloined data does not include medical or financial information, according to Bupa, but does include some personally identifiable details (such as name, date of birth and nationality), which means that the Information Commissioner's Office will be looking into the matter, and no doubt levying a fine accordingly.
"We are contacting to advise you to be vigilant and take care as we believe the employee has made the information available to other parties," warns the letter.
"In cases such as this, fraudsters can seek to trick people by impersonating Bupa. You should always take particular care to double check the sender of any communication that asks for financial or personal details."
Graham Cluley told V3 that insiders will always be a potential problem because companies typically focus their attention in the wrong direction. "Rogue employees are one of the biggest challenges for any business," he said. "There's so much focus on external hackers, and too little on staff."
V3 has, of course, asked Bupa for comment and we will update the story accordingly.
Others have been more forthcoming with comment and opinion.
David Kennerley, director of threat research at cyber security firm, Webroot, said: "It will be interesting to hear if Bupa were first alerted to the breach by their own internal controls and monitoring systems - or through the data being made available to the highest bidder on the dark web."
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches