A rogue employee at health insurer Bupa has been accused of stealing customer data and trying to sell the information to criminals.
The company has admitted the breach - in contrast to, for example, the denial shown by the AA last week - and warned customers accordingly.
Independent security specialist Graham Cluley shared a copy of the letter that Bupa has sent out to customers of its health insurance offerings, warning them of the breach.
Uh oh. BUPA is warning some customers that a rogue employee snuck off with data, and shared it with others... https://t.co/26hxsv6GMK— Graham Cluley (@gcluley) July 12, 2017
The purloined data does not include medical or financial information, according to Bupa, but does include some personally identifiable details (such as name, date of birth and nationality), which means that the Information Commissioner's Office will be looking into the matter, and no doubt levying a fine accordingly.
"We are contacting to advise you to be vigilant and take care as we believe the employee has made the information available to other parties," warns the letter.
"In cases such as this, fraudsters can seek to trick people by impersonating Bupa. You should always take particular care to double check the sender of any communication that asks for financial or personal details."
Graham Cluley told V3 that insiders will always be a potential problem because companies typically focus their attention in the wrong direction. "Rogue employees are one of the biggest challenges for any business," he said. "There's so much focus on external hackers, and too little on staff."
V3 has, of course, asked Bupa for comment and we will update the story accordingly.
Others have been more forthcoming with comment and opinion.
David Kennerley, director of threat research at cyber security firm, Webroot, said: "It will be interesting to hear if Bupa were first alerted to the breach by their own internal controls and monitoring systems - or through the data being made available to the highest bidder on the dark web."
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse