Canadian student health insurance carrier guard.me has been hit by an attack. By exploiting a vulnerability a threat actor accessed policyholders’ information, guard.me reports on its website.
Guard.me provides health insurance to students who are traveling or studying abroad, and is one of the world’s largest insurance carriers.
Guard.me discovered suspicious activity on their website on May 12th. Following an initial investigation, they decided to take their website down. When visiting the website, visitors are automatically redirected to a maintenance page warning that the site is down while the insurance provider increases security on the site.
“Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site. Our IS and IT teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible,” a message on the guard.me website reads.
The insurer is in the process of notifying students of a data breach. A notification on the website states a vulnerability allowed unauthorized persons to access policyholders’ personal information.
“In the late evening of May 12, 2021 our Information Systems team discovered unusual activity on our website and as a precaution they immediately took down the website and took immediate steps to secure our systems. The vulnerability has been addressed. Our experts are diligently investigating the matter further,” says the data breach notification.
The leaked data have included students’ names, dates of birth, genders, and encrypted passwords. For some students, their email addresses, mailing addresses, and phone numbers were also exposed.
Guard.me states that after fixing the flaw, their cybersecurity team has withstood further attempts by attackers to bypass the additional safeguards. The company promises to implement new policies for increased security that will include database segmentation and two-factor authentication (2FA).