BUPA, the international healthcare group with a presence in 190 countries, has been stung by a data breach after an employee inappropriately copied and removed information from one of the company’s systems.

547,000 customers have been affected by the breach. The data includes the names, dates of birth and nationality of customers, as well as some contact and administrative information such as membership numbers.

Mark James, a security specialist at IT security company ESET, said that while there was a clear indication of what was and what was not stolen, the data could still be used in an attempt to scam or phish other details from customers.

James suggested that customers are more likely to fall victim to phishing in this instance because an email could include their full name and membership details.

BUPA has advised its customers to:

• be suspicious of anyone who asks for bank account or credit card details
• double-check e-mail addresses of the sender

not download or let anyone log on to their computer or device remotely as a result of an unsolicited call – even if they claim to be calling from Bupa or another company that is known to the customer