UK-based insurance firm Staysure has reported a significant data breach that has potentially exposed the sensitive financial information of over 93,000 customers. The breach comes amid growing concerns over cybersecurity vulnerabilities across industries, drawing attention to the importance of data protection measures.
The issue was first identified on November 14, prompting immediate notification to key stakeholders, including card issuing bodies, the Financial Conduct Authority, and law enforcement.
According to the company’s announcement, the cyber incident occurred in late October 2013 and involved unauthorized access to customer data, including names, addresses, credit card details, and CVVs. Staysure noted that the incident reflects a lapse in data security protocols that permitted access to previously stored information.
Customer details from insurance purchases made prior to May 2012 were compromised, but from that date, the company ceased storing such data.
Although credit card details were encrypted, the CVV numbers were stored in plaintext, raising questions about the effectiveness of their encryption practices. While the presence of the encrypted card numbers offers some level of protection, if compromised, the plaintext CVV could still be exploited. Current findings have yet to confirm the integrity of the encryption methods employed.
In response, we have swiftly eliminated the exploited software and systems, reinforcing our commitment to future customer protection.
Affected customers will receive complimentary access to an identity monitoring service as a precaution. Staysure has also retained independent forensic experts to conduct a comprehensive investigation into the breach.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.