Punishment against Bupa Insurance Services Ltd

In June 2017, the data from the Group’s CRM program was offered for sale in Darkweb. In total, 1.5 million records were affected. The UK DPA’s investigation found that the data was not properly secured internally (more than 1300 employees had access to these records) or externally (hackers attack).

Decision data:
26.09.2018

Country:
United Kingdom

Type of Issue:
Theft of Data

Number of involved data records:
1 500 000

Special category of data involved:
No

Fine:
€ 200,000,-

Violation of GDPR Paragraph:
unknown

Reference: