Travel insurer reveals almost 100,000 customer details in cyber attack

Staysure became aware of the problem in November and warned the relevant authorities

Nearly 100,000 customers of Staysure have had their personal details compromised after the travel insurance company suffered a cyber attack towards the end of last year.

Card payment details of customers who purchased insurance from Staysure before May 2012 were stolen, including CVV details (the three digit number on the back of a card required to make purchases) and customer names and addresses.

From May 2012 Staysure no longer stored this type of data.

Although the attack took place during October 2013, the company only became aware of the problem on 14th November and only wrote to customers impacted by the problem in December.

The Financial Conduct Authority, the Information Commissioner's Office and Police have all been informed of the breach.

"We immediately hired independent forensic data experts to fully ascertain the extent of the problem and have written to 93,389 affected customers, which represents fewer than 7 percent of our customer base, to warn them and ask them to check that they have not been the victims of any fraud as a result," said Ryan Howsam, chief executive officer of Staysure.

The company has offered affected customers free access to Data Patrol, an identity fraud monitoring service provided by Experian.

"We continue to work with those groups and independent security experts. We immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future," said Howsam.

"We are deeply sorry that this has happened and are working diligently to make sure that inconvenience to customers is minimised."

This breach is the latest in a string of cyber attacks against firms holding customer data, where most recently a leading loyalty card provider based in Ireland suffered an attack that potentially impacted thousands of customers.

Join the CSO newsletter!

Error: Please check your email address.

Tags Financial Conduct AuthoritysecurityExperianInformation Commissioner's Office

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts