Health insurer VGZ placed customer data online in an unsecured manner

Spread the love

Data from 27,000 customers of health insurer VGZ has been online for two years in an unsecured environment. It concerns a ‘human error’ by an employee who wanted to test new software.

The employee copied the data of the insured to his own FTP server to be able to test new software, the health insurer has announced. This included declaration data. “That’s not how it should be,” said VGZ spokesperson Mark van der Wolf.

“The employee probably decided to put the data on his own server shortly after the project,” said Van der Wolf. However, the ftp server was not password protected, so in theory anyone could access it. At the end of 2013, the insurer only found out that the data was unsecured online and was taken offline.

According to the health insurer, there is little chance that the problem has been abused, because someone should have looked for it specifically. The data was also ‘partially fictitious’, although it is not clear what this means. VGZ also does not dare to explicitly exclude abuse. As a result of the vulnerability, the security procedures have been tightened, the organization assures.

You might also like
Exit mobile version