The personal information of 108,000 Bupa customers was exposed after an employee inappropriately copied and stole the data, the international health insurer announced Thursday.

The breach affected international health insurance, which covers people who frequently travel or work overseas. While financial and medical data was not included in the stolen information, the employee removed names, customer information, birth dates, nationalities and other administrative data.

The employee has since been fired, and Bupa is pursuing legal action. The firm discovered the breach soon after the employee stole it from the system.

The company is notifying all 108,000 of the affected customers, as it believes the information was given to outside parties, Sheldon Kenton, Bupa’s managing director said in a statement. Not all of Bupa’s 1.4 million customers were part of the breach.

“Protecting the information we hold about our customers is an absolute priority, and I would like to assure customers that we are treating this seriously and taking steps to address the situation,” said Kenton.

“This was not a cyberattack or external data breach, but a deliberate act by an employee,” he added. “We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway, and we have informed the FCA and Bupa’s other UK regulators.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn