Punishment against Bupa Insurance Services Ltd
In June 2017, the data from the Group’s CRM program was offered for sale in Darkweb. In total, 1.5 million records were affected. The UK DPA’s investigation found that the data was not properly secured internally (more than 1300 employees had access to these records) or externally (hackers attack).
Decision data:
26.09.2018
Country:
United Kingdom
Type of Issue:
Theft of Data
Number of involved data records:
1 500 000
Special category of data involved:
No
Fine:
€ 200,000,-
Violation of GDPR Paragraph:
unknown
Reference: