Bupa data breach leads to fine
council email data leaks

Bupa data breach leads to fine

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

A Bupa data breach has led to a significant fine from regulators in the sum of £175,000.00 after 198 complaints were made.

The breach period occurred between January and March 2017, meaning it has not attracted a GDPR fine. However, a large fine was levied because Bupa were found to have failed to take enough action to protect their customers’ data.

It has also transpired that customer data was vulnerable at the time of the initial data breach. This stemmed from a lack of monitoring of their customer relationship management system, known as SWAN.

What happened in the Bupa data breach?

The Bupa data breach was committed by an employee who has since been sacked and has had a warrant for his arrest issued by Sussex police.

The employee was able to bulk download a wealth of sensitive data about Bupa customers. This data was then sent to a personal address, where the employee then tried to sell it on the dark web.

Investigations by the ICO (Information Commissioner’s Office) found that Bupa was unaware of defects with their SWAN software that allowed such activity to take place. They were punished for failing to monitor data coming out of the system as well.

When you consider that this was a huge amount of data, it’s concerning that this transfer of data was not identified and stopped. When it’s an organisation who holds a lot of sensitive medical data, the breach is even more worrisome.

This kind of lack of care for data is what can lead to a data breach compensation claim.

What information was exposed in the Bupa data breach?

Sensitive and personal information was exposed in the Bupa data breach. This included:

  • Names;
  • Dates of birth;
  • Email addresses;
  • Nationalities.

It was not until June 2017 that Bupa were alerted to the breach. A partner found the attempted sale of the data and raised the alarm.

198 complaints were made as a result of the breach.

What’s been said about the Bupa data breach?

Speaking about the Bupa data breach, Steve Eckersley of the ICO said:

“Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it. Our investigation found material inadequacies in the way Bupa safeguarded personal data.

The inadequacies were systemic and appear to have gone unchecked for a long time. On top of that, the ICO’s investigation found no satisfactory explanation for them.”

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon