On May 12th, student health insurance carrier guard.me detected dubious activity on their website that led them to remove their web page.
According to them, a flaw enabled a cybercriminal to obtain students’ private data such as email addresses, dates of birth, phone numbers, and even passwords.
Guard.me International Insurance is among the world’s largest health and travel insurance providers in international education, protecting over 100,000 individuals studying and working abroad, including full- and part-time students, faculty members, and participants in the exchange, co-op, and internship programs.
At the moment, their website is unavailable, visitors being automated sent to a maintenance page notifying that the site is inoperative as the Guard.me health insurance career improves security on the website.
Yesterday, the insurance provider started to inform its students of the data breach via email saying that a website flaw permitted unapproved threat actors to gain access to their private data.
In the late evening of May 12, 2021, our Information Systems team discovered unusual activity on our website and as a precaution, they immediately took down the website and took immediate steps to secure our systems. The vulnerability has been addressed. Our experts are diligently investigating the matter further.
A data breach is a security violation in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations, or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.
As stated by the international student health insurance provider, the flaw was fixed and measures to secure their system have been immediately taken.
Guard.me also declares that they are initiating new policies for stronger protection such as two-factor authentication and database segmentation.