English insurer Staysure says it notified nearly 93,400 customers in December to inform them of a cyber attack.
The Northampton-based travel, home, auto and life insurer said encrypted payment card details—including three-digit card verification value details—used by 93,389 customers to buy coverage before May 2012 were stolen during an attack in late October. Customer names and addresses could be included in the Staysure data breach.
“We became aware of the problem on November 14 and quickly informed the relevant card-issuing bodies and subsequently the Financial Conduct Authority, the Information Commissioner’s Office and the police,” said Staysure CEO Ryan Howsam in a statement earlier this month.
According to Advisen Loss Insight data, nearly 56 percent of UK cyber cases—a total of 392—are from data breach, loss or theft. Improper disposal or distribution, loss or theft (of paper records) is next with 121 cases. Advisen began collecting UK cyber case data in 2007.
Staysure said it hired forensic data experts and the company has offered free identity-theft service provided by Experian.
Howsam said Staysure “removed the software and systems that the attackers exploited.”
UK companies have no responsibility under any law to report breaches of security but the Information Commissioner’s Office encourages companies to bring large cyber attacks to the office’s attention, said its website.