Leading student insurance provider Guard.me suffers a major data breach

Leading student insurance provider Guard.me suffers a major data breach

People's Energy suffers major breach with 250k customers' details stolen

Leading student insurance provider Guard.me recently announced it had to take down its website temporarily after discovering that a hacker had infiltrated the site and accessed the personal details of students.

“Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site. Our IS and IT teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible,” reads the guard.me website.

Guard.me has emailed affected students that it suffered a data breach on May 12, following which the website was taken down immediately as a precaution so that the vulnerability could be addressed.

“In the late evening of May 12, 2021, our Information Systems team discovered unusual activity on our website and as a precaution, they immediately took down the website and took immediate steps to secure our systems. The vulnerability has been addressed. Our experts are diligently investigating the matter further,” the insurer said.

The vulnerability let hackers access sensitive information of policy-holding students like dates of birth, gender, email addresses, encrypted passwords, mailing addresses, and phone numbers. The company said the vulnerability has been addressed and new measures have been taken to enhance security, including database segmentation and two-factor authentication.

Even though the breach occurred nearly two weeks ago, the company’s website remains inactive, except for displaying phone numbers for general queries, urgent application queries, opt-out requests, and claims submissions.

Commenting on the data breach suffered by Guard.me, Trevor J. Morgan, product manager at Comforte AG, said that personally identifiable information (PII) and personal health information are becoming increasingly valuable, but many data healthcare operators are struggling to protect sensitive information effectively and maintain regulatory compliance.

“While no sure-fire way exists to prevent attackers from getting access to an enterprise network environment, organisations can leverage data security solutions that protect valuable customer information instead of the environment around that data. Being able not only to protect passwords and perimeters but also to secure personal, sensitive data itself drastically reduces the risk of misuse of data and the resultant reputational damage.

“Companies should look to deploy data-centric methods such as tokenization or format-preserving encryption to protect the privacy of their customers. A sophisticated data protection architecture doesn’t care where the data is stored, whether in motion or at rest, or whether that data is on-premise or in multi-cloud environments.

“The objective is to protect sensitive data itself at its earliest point of entry, and allow de-protection only when necessary and only for applications and users with the right permissions. The best part about tokenization is that, because it preserves data structure, it can still be used by applications without de-protection, increasing its value to the organization,” he adds.

Also Read: SITA data breach affected 4.5 million flyers, Air India reveals

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]