Bupa recently discovered an employee of our international health insurance division (which is called ‘Bupa Global’), had inappropriately copied and removed some customer information from the company. Around 108,000 international health insurance policies are affected.
The information does not include any financial or medical data, and relates to a portion of customers with international health insurance.
Customers of Bupa’s local (domestic) health insurance businesses are not affected, and not all of the Bupa Global division’s 1.4 million international health insurance customers are affected.
We are contacting those customers who are affected to apologise and advise them as we believe the information has been made available to other parties. The data taken includes: names, dates of birth, nationalities, and some contact and administrative details including Bupa insurance membership numbers.
Protecting the information we hold about our customers is an absolute priority and I would like to assure customers that we are treating this seriously and taking steps to address the situation. This was not a cyber attack or external data breach, but a deliberate act by an employee. We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.