Bupa Global data breach: Private information of almost 20,000 Australians at risk

computer data — A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. Reuters/Kacper Pempel

A massive Bupa Global data breach has affected almost 20,000 Australians, putting their private information at risk. The company’s international health insurance arm was hit by a malicious act in its British office after an employee had "inappropriately copied and removed some customer information.”

Bupa Global managing director Sheldon Kenton admitted that some data were taken. These include the names, dates of birth, nationalities and contact and administrative details such as Bupa insurance membership numbers.

Kenton revealed the data was made available to other parties. "We are contacting those customers who are affected to apologise and advise them, as we believe the information has been made available to other parties,” the Sydney Morning Herald quotes him as saying.

According to a spokesperson for the company, 19,595 of those affected are believed to be Australians. At least 547,000 customers are affected worldwide.

Bupa has revealed that 43,000 of the customers had a correspondence address in the UK. It explained in an online statement that data relating to 108,000 international insurance plans were taken. These belonged to customers whose policy numbers begin with BI. Those with domestic health insurance were reportedly not impacted.

However, British customers might be hit if they have purchased plans for use abroad. Kenton said an investigation was under way.

The company had already alerted the Financial Conduct Authority as well as other regulators in the UK. The Information Commissioner's Office said it was making enquiries about the issue.

Paul Edon at security software firm Tripwire said those affected by the breach must check for signs of identity theft. For instance, scam emails could possibly use data from the breach to ruse the recipient into thinking they are being legitimately contacted. He said humans are the weakest link in security. "Despite many of us being trustworthy, there are some insiders that break and damage that trust,” he added, according to BBC.

A Bupa Australia spokesperson said it was important to note that the incident was not a cyber attack or external data breach. Instead, it was a “deliberate act by an employee in the UK,” who could not access data for the Bupa Australia Health Insurance business. The data, the spokesperson said, was stored on a separate system.

The staff member responsible for the incident has been dismissed and the company will take appropriate legal action against the employee. The Bupa Global division provides international health insurance for travellers and people who work overseas.

Turnbull gov't to introduce a bill that will ensure employers are paying workers' super