HackDig : Dig high-quality web security articles for hackers

Former Bupa employee offered 1 million customer records for sale on dark web

2017-08-03 08:00

Former Employee of the Healthcare giant Bupa offered for sale records of 1 Million clients on Dark Web.

A former employee of healthcare giant Bupa was selling between 500,000 and 1 million medical records on the dark web. The former employee whose identity remains undisclosed had sold several batches of hundreds of thousands of medical records managed by Bupa.

Analysts at DataBreaches found a first batch of medical records stolen by the former employee on June 23, the man was offering them on a dark web marketplace. DataBreaches revealed the vendor MoZeal was offering for sale at least 500,000 medical records, the man listed between 500,000 to 1 million insurance records.

Below the official statement issued by the company.

“All of the information and statements we have made public this week, remain valid,” read the statement. “We are aware of a report by Databreaches.net that suggest ‘a former employee claimed to have 1m records for sale’. Our thorough investigation established that 108,000 policies, covering 547,000 customers, had been copied and removed. The disparity in numbers claimed and those taken, relates to duplicate copies of some records.”

The Bupa’s Managing Director Sheldon Kenton downplayed the incident claiming that only 103,000 medical records of Bupa UK clients were sold.

“I wanted to let you know that we recently discovered that an employee had taken some customer information from one of our systems. I know that this will be concerning, so wanted to explain the situation,” Kenton said.

“The information that was taken does not include any financial or medical information. This data comes from one particular part of Bupa – Bupa Global – which handles international health insurance, mainly for people who work overseas or travel on a regular basis. To be fair, this does not affect Bupa’s other local businesses.”

bupa dark web

The listing contained insurance data from 122 countries and customers’ personal information including member and registration IDs, names, birthdates, contact information and information about intermediaries.

Bupa, of course, fired the employee and is currently pursuing legal actions against him and is trying to discover the real identity of the vendor MoZeal.

Medical records are a hot commodity on dark web marketplaces, the healthcare industry was the number one target for cybercriminals. Previously, the banking industry held the top position.

In 2015, more than 100 million healthcare records were compromised, according to IBM’s “2016 Cyber Security Intelligence Index.”

The non-profit organization Institute for Critical Infrastructure Technology revealed that 47 percent of US-based residents have had their medical records stolen, their data were offered for sale on the dark web in 2015.

Pierluigi Paganini

(Security Affairs – BUPA, Dark Web)

The post Former Bupa employee offered 1 million customer records for sale on dark web appeared first on Security Affairs.

Source: lmth.hcaerb-ytiruces-apub/hcaerb-atad/63616/sserpdrow/oc.sriaffaytiruces

“Former Bupa employee offered 1 million customer records for sale on dark web”0 Comments

Submit A Comment



Blog :

Verification Code: