Bupa fined £175,000 failing to protect its customers data

The Information Commissioner’s Office (ICO) has imposed a fine of £175,000 on Bupa, an international healthcare group for failing to protect its customers data of over half a million. One of the employees stole this data of 547,000 customers and put it up on dark web for sale. The data includes name, data of birth, email address, and the nationality of the customers.

“Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it”

“Our investigation found material inadequacies in the way Bupa safeguarded personal data.

“The inadequacies were systemic and appear to have gone unchecked for a long time. On top of that, the ICO’s investigation found no satisfactory explanation for them.” 


Steve Eckersley, the ICO’s director of investigations

There were more than 198 complaints about the incident that Bupa and the ICO received. However, it is still confirmed if the data put on the dark web was sold or not. The rogue employee has been sacked and the Sussex Police has issued a warrant for his arrest.