Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
A Bupa data breach has led to a significant fine from regulators in the sum of £175,000.00 after 198 complaints were made.
The breach period occurred between January and March 2017, meaning it has not attracted a GDPR fine. However, a large fine was levied because Bupa were found to have failed to take enough action to protect their customers’ data.
It has also transpired that customer data was vulnerable at the time of the initial data breach. This stemmed from a lack of monitoring of their customer relationship management system, known as SWAN.
The Bupa data breach was committed by an employee who has since been sacked and has had a warrant for his arrest issued by Sussex police.
The employee was able to bulk download a wealth of sensitive data about Bupa customers. This data was then sent to a personal address, where the employee then tried to sell it on the dark web.
Investigations by the ICO (Information Commissioner’s Office) found that Bupa was unaware of defects with their SWAN software that allowed such activity to take place. They were punished for failing to monitor data coming out of the system as well.
When you consider that this was a huge amount of data, it’s concerning that this transfer of data was not identified and stopped. When it’s an organisation who holds a lot of sensitive medical data, the breach is even more worrisome.
This kind of lack of care for data is what can lead to a data breach compensation claim.
Sensitive and personal information was exposed in the Bupa data breach. This included:
It was not until June 2017 that Bupa were alerted to the breach. A partner found the attempted sale of the data and raised the alarm.
198 complaints were made as a result of the breach.
Speaking about the Bupa data breach, Steve Eckersley of the ICO said:
“Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it. Our investigation found material inadequacies in the way Bupa safeguarded personal data.
The inadequacies were systemic and appear to have gone unchecked for a long time. On top of that, the ICO’s investigation found no satisfactory explanation for them.”
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020