Penalty against Bupa Insurance Services Ltd
In June 2017, data from the Group’s CRM program was put up for sale on the dark web. A total of 1.5 million records were affected. In the course of the investigation by the UK data protection authority, it was discovered that the data had not been properly secured either internally (a total of more than 1,300 employees had access to these data sets) or externally (hacker attack).
Entscheidungsdatum:
26.09.2018
Land:
Great Britain
Art des Verstoßes:
Theft of Data
Betroffene Datensätze:
1 500 000
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 200,000,-
Violation of GDPR Paragraph:
unknown
Quelle:
Communication from the UK data protection authority ICO (English)