Bupa Global responds after an employee in its international health insurance division was caught copying and removing information from client files Credit: Thinkstock In a succinct statement, the managing director of Bupa Global, Sheldon Kenton, explains how Bupa Global recently discovered an employee had “inappropriately copied and removed some customer information from the company. Around 108,000 international health insurance policies are affected.”Bupa has approximately 1.4 million international health insurance policies (16.5 million total policies), so the employee only managed to visit the policiess of approximately 8 percent of Bupa’s international health insurance policy holders. The 108,000 policies affected 547,000 individuals. The client data compromised included:NamesDate of birthNationalitiesContact information“Administrative materials”Bupa customer numbersKenton continues that while the information was accessed and copied, none of the information was deleted from the system. Furthermore, Bupa believes the compromised information did not include client financial or medical data. No accident: Trusted insider acted deliberatelyTo their credit, Bupa calls it like it is in their statement: This was a trusted insider who broke trust and acted in a deliberate manner: This was not a cyber attack or external data breach, but a deliberate act by an employee. We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.Backups are importantA salient point to Bupa’s statement is the employee’s attempt to remove the data from Bupa. While the employee may have been successful, Bupa is unequiviocal that no client data was deleted. Therefore, we may presume the existence of multiple iterations of backup copies to the data base being harvested.Trust but verifyAn additional indicator that Bupa understands the magnitude of what transpired, as they evolve their internal policies, is this statement, “We have introduced additional security measures and increased our customer identity checks.” As every CISO knows, trust those who have access to the data, but verify they access only that data to which they have a need.Least privileged accessThe doctrine of need to know or least privileged access serves to reduce the risk that data is being accessed as part of a farming exercise by a curious or malevolent employee. By assuring your employee has access to the information they need to do their job and the ability to audit it is being accessed for bona fide purposes, you project a secure environment. Bupa customers should be hyper-alertThe 549,000 individuals whose information was compromised need to remain hyper-alert to criminals attempting to capitalize on the client information. The information can be used to create phishing emails to spoof not only Bupa, but any number of entities, which by including the identifying information taken from Bupa, might induce an individual to “click” a link within an email. Related content news analysis China’s MSS using LinkedIn against the U.S. The head of the U.S. National Counterintelligence and Security Center says China's MSS is using social networks, specifically LinkedIn, to target, access, and recruit U.S. sources. By Christopher Burgess Aug 31, 2018 4 mins Social Engineering Cybercrime Security news analysis Tesla insider with expired NDA spills the tech beans A former Tesla engineer with an expired non-disclosure agreement (NDA) shared inside technical information on an obscure forum, which was quickly shared across multiple social media platforms. By Christopher Burgess Aug 30, 2018 3 mins Risk Management Security news analysis Horizon Air tragedy highlights airline insider threat vulnerability The ease at which a Horizon Air employee was able to steal and crash a Bombardier Q400 turboprop will likely prompt airlines to develop an insider threat mitigation strategy to close this vulnerability. By Christopher Burgess Aug 13, 2018 4 mins Security news analysis How did the TimeHop data breach happen? Compromise of an employee's credentials, lack of multi-factor authentication, and weak insider threat analysis all played a factor in the recent TimeHop data breach in which 21 million user accounts were compromised. By Christopher Burgess Aug 10, 2018 4 mins DLP Software Analytics Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe