The UK-based individual, who has now been sacked by Bupa Global and is under police investigation, is said to have copied and removed personal data relating to 108,000 international health insurance policies covering 547,000 people.
Bupa said it believed the stolen information had been passed to ‘third parties’ but would not provide any further about the circumstances in which this happened or details about who they are, while a police investigation is ongoing.
However, it has written to affected customers and warned them to extra alert to potential scams and suspicious or fraudulent communications or activities.
The personal information taken includes names, dates of birth, nationalities, and contact and administrative details, including Bupa insurance membership numbers.
Bupa said no medical or financial information had been taken, and a spokesman said: “based on the information available, there is no reason to believe that transactions could have been made that would impact customers.”
No details released
Victims of the data breach include those who belonged to corporate health insurance schemes provided by international employers.
Bupa will not release details of those affected but one company is known to be RBC Wealth Management. The company, which has offices around the world, including in the UK, Channel Islands, Singapore, Hong Kong, the Middle East, Caribbean, North and Latin America, has written to current and former staff affected by the data breach, warning them to “remain vigilant and treat any unexpected communications received with extreme caution.”
Sheldon Kenton, managing director of Bupa Global, said additional security measures and increased customer identity checks had been introduced in the wake of data theft.
He added: “A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.”
A spokesman for Bupa Global said that it was not aware of any of the affected customers receiving suspicious communications following the data breach, adding: “We are getting in touch to advise customers to be vigilant and avoid potential scams. However, we have asked customers to let us know if they believe their data has been used for fraudulent actions, for example a suspicious email or phone call.”
Bupa Global has around 1.4m international health insurance customers based all around the world. The company is popular with international advisers and intermediaries, as well as large institutions with international and globally mobile workforces.
