Light green background

Information about IPMI data loss

Information and advice for Bupa customers with international health insurance 

July 2017

Sheldon Kenton, Managing Director of Bupa Global: 

Bupa Global

Sheldon Kenton, Managing Director of Bupa Global (formerly Bupa International) said:

July 2017

We recently discovered an employee of our international health insurance division (which is called ‘Bupa Global’), had inappropriately copied and removed some customer information from the company. Around 108,000 international health insurance policies are affected.

The information does not include any financial or medical data, and relates to a portion of customers with international health insurance. 

Customers of Bupa’s local (domestic) health insurance businesses are not affected, and not all of the Bupa Global division’s 1.4 million international health insurance customers are affected. 

We are contacting those policy holders who are affected to apologise and advise them as we believe the information has been made available to other parties. The data includes: names, dates of birth, nationalities, and some contact and administrative details including Bupa insurance membership numbers. The information was not deleted from our system.

Protecting the information we hold about our customers is an absolute priority and I would like to assure customers that we are treating this seriously and taking steps to address the situation. This was not a cyber attack or external data breach, but a deliberate act by an employee. We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.

Click here for some answers to general questions about the incident.

We encourage any concerned customers to contact us at or call our dedicated helpline on +44 (0)203 901 1925.

Media should contact the Bupa Press office at or on +44 (0)20 7656 2176 / +44 (0)7802 873145.

Please see below for translated versions of the statement:

How to protect yourself

Fraudsters can try to trick people into handing over their details, so called “phishing.” 

Don’t be scammed. Always check you know the sender of the message or the person calling before responding with your details. 

Scammers may try to trick you by impersonating Bupa – sending you an email or contacting you by phone. You should always take care to double check the sender of any communication that asks for financial or other personal details.

We advise you to:

  • Be suspicious of anyone who asks for your bank account or credit card details.
  • Double-check email addresses. This means looking beyond the sender name, by checking the address of the email account.
  • Do not download software or let anyone log on to your computer or device remotely as a result of an unsolicited call, even if they claim to be calling from Bupa or another company you know.

Before disclosing personal information online, make sure you know who you are dealing with.

  • If in doubt, don’t open emails or attachments.
  • Stay in control – have the confidence to refuse an unusual request for information.
  • Don’t be rushed – a genuine organisation won’t mind waiting to give you time to stop and think.

To learn more, please visit Information Commissioner's Office - Online Safety Advice

Reading Bupa Code

Bupa’s commitment to information security

Information is key to our business and we are trusted to keep it safe. 

Data security has been - and continues to be - an area of significant management focus and investment. Over recent years, we have substantially increased investment in this as part of our wider risk and compliance agenda to ensure we continue to uphold the high standards our customers and regulators expect. 

We have invested significantly in our systems to keep information safe, as well as training our people, and we continue to do so. There are regular internal communication campaigns reinforcing our employees’ responsibility to keep information safe. Whether it is information about our customers, patients, residents, employees or business, all Bupa employees are expected to keep it secure. This is clearly articulated within The Bupa Code which explains what we expect across a range of ethical issues, with ‘We keep information safe’ being one of the key principles.