Bupa fined £175,000 due to worker attempting to sell customer data on the dark web

Source: Vsoftsystems, 10/10/2018


The rogue employee attempted to sell customers' names, dates of birth
and email addresses

Bupa has been fined £175,000 by the ICO after one of its employees
tried to sell the records of 547,000 Bupa Global customers on the dark
web early last year.
The employee in question managed to lift the data from Bupa's CRM
system, which holds data relating to 1.5 million of the company's
customers in total. The information stolen included dates of birth,
email addresses and nationality.
The ICO said Bupa failed to protect its customers' data by not
monitoring how its CRM system, SWAN, was used, allowing the employee to
steal the information and then send the records to his personal email
account. The employee then sent this data to the dark web
between January and March last year.
Bupa was only made aware of the issue on 16 June 2017 when a partner
told the company it had found the customer information for sale. The
company also received 198 complaints about the incident. At this
point, the employee in question was dismissed and Sussex Police were informed.
After investigating the breach, Bupa realised there was a flaw in
its activity monitoring system that meant it wasn't alerted to unusual
activity in the system, such as bulk data downloads. The ICO said this
was a breach of the Data Protection Act 1998.
“Bupa failed to recognise that people’s personal data was at risk and
failed to take reasonable steps to secure it,” ICO director of
investigations Steve Eckersley said.
“Our investigation found material inadequacies in the way Bupa
safeguarded personal data. The inadequacies were systemic and appear
to have gone unchecked for a long time. On top of that, the ICO’s
investigation found no satisfactory explanation for them.”
The ICO said it has fined Bupa under the Data Protection Act 1998 and
not the more recent General Data Protection Regulation and 2018 Act
because the incident occurred before the new legislation came into force.

