Bupa Employee Found Selling Medical Records on the Dark Web

Published on:
laptop with the word medical record on screen
An employee at international health insurer Bupa stole thousands of customers’ data and posted it for sale on the dark web.

Current advancements to the internet and all of its capacities bring about a sense of urgency when it comes to safeguarding online security, especially in situations where crucial information can be stolen and exploited.

A testament to this lesson is evident in the repercussions of a recent data breach in the international health insurance company, Bupa.

Your TOR usage is being watched

A Bupa employee managed to copy and steal data regarding more than 108,000 customers, then exposing a majority of that information on the dark web.

The breach was spotted by DataBreaches.net after some of the stolen data were found posted on the site of a vendor going by the name of MoZeal.

The dark web listing included a number of customers’ insurance details, such as registration IDs, contact information, names and even birthdays.

The affected customers spanned 122 countries where the company held operations. The employee was immediately fired by the insurance company, and legal action has been initiated.

Although the health insurer had managed to discover the breach soon after the data was stolen from the system, it was unable to prevent the release of the stolen data on the dark web.

Bupa Managing Director Sheldon Kenton claimed in a statement that the information of almost 108,000 customers had been stolen, though MoZeal has listed insurance records between 500,000 and one million since the data breach was spotted.

The breach has had an intense effect primarily on the international health insurance industry as a whole.

International healthcare policies cover individuals who frequently travel overseas or cross borders for work.

The insurance company claimed that the stolen trove did not include any medical data or financial information of its customers.

Statements said the stolen data only contained the very basics of customers’ details: names and birthdates, nationalities, contact information, registration identification details, etc.

Ever since the breach was spotted, the company has already taken the necessary measures to notify each and every customer whose information has been stolen.

Medical Record Report Healthcare Document
The customer’s information has been stolen

Still, Bupa believes the stolen information has been provided to outside parties and could have numerous potential threats for customers.

So the company made it a point to advise customers to take cautionary measures to protect themselves from such threats.

Kenton also said that although the number of affected customers is large, not all of the company’s 1.4 million customers are under threat.

In fact, the majority of these customers did not have their data involved in this breach at all, and they’re not likely to be affected in any way.

However, Kenton claimed Bupa is doing everything within its power to address the situation and protect the affected customers.

Company representatives also say the security of customer information has been made a paramount priority by the health insurer to prevent such breaches in the future.

The employee responsible for the breach has already been terminated from his position, and Bupa is also pursuing legal action against the employee.

Kenton denied any indication that the attack was sourced from an external party. In fact, he has conceded that this was a deliberate theft orchestrated by an employee of the company.

This attack is the latest in a series of data breaches taking place this year. There have been several such hacks so far that deliberately target entities in the health sector, and the number continues to increase with each passing period of time.

Modern-day hackers have become smarter in their attacks as technology advances. They’re constantly monitoring such companies to get their hands on important information and customer details.

Insider leveraging has also increased, with the aim to access customer details and sell them on the dark web. The high market demand for this type of information makes company security far more important than it has ever been.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.