Punishment against Bupa Insurance Services Ltd
In June 2017, the data from the Group’s CRM program was offered for sale in Darkweb. In total, 1.5 million records were affected. The UK DPA’s investigation found that the data was not properly secured internally (more than 1300 employees had access to these records) or externally (hackers attack).
Type of Issue:
Theft of Data
Number of involved data records:
1 500 000
Special category of data involved:
Violation of GDPR Paragraph: