Allianz firm leaks data records of 20,000 by mistake
A global insurance company based in Dublin has suffered a data breach affecting up to 20,000 people.
Allianz Worldwide Care, which is a division of Allianz and describes itself as a global provider of private medical insurance for big companies' employees, mistakenly sent out customer invoices to the wrong recipients in late December.
It said that this impacted 83 corporate clients, possibly totalling 20,000 insured employees.
The company, which operates from Park West in Dublin, said that the affected customers are all located outside Ireland. It said that it has clients in over 160 countries worldwide.
The office of the Data Protection Commissioner confirmed that the company had contacted it in relation to a data breach and that it was assessing the matter. The company said that it had begun communicating with affected customers.
"In 2012 we commenced a project to upgrade the output management of our existing invoicing system," said a statement from the company.
"This project was ongoing for over a year and, following the normal project lifecycle of documentation, development and testing, it was implemented at the end of 2013 as part of an approved scheduled rollout.
"Shortly after its implementation on December 30, we were notified by one of our Swiss-based brokers that he had received invoices for Allianz Worldwide Care clients that were not relevant to him."
The company said it acted immediately after it was notified and switched off the invoicing system and identified the cause of the incorrect issue and rectified it.
"In parallel, we carried out a full investigation and concluded that it was only invoices related to the 29/30 December that were affected and that one other broker, based in France, had also received client invoices not relevant to his book of business," it added.
The company said that the data breach relating to the invoices was limited to names and dates of birth. It also said that the broker-recipients had now told them that the documentation had been destroyed.
"From time to time, human error can cause problems with even the most robust of systems, but our IT team has since put in place additional functions to ensure that this error will never happen again," said the company statement.
"We are confident that this matter was contained within the confines of the business and its partners and would like to assure our clients that we have robust systems in place right across the business, all of which are rigorously tested and only rolled out if fit for purpose."
Last week, a major survey by The Irish Computer Society revealed that one in two Irish companies had suffered a data breach in the past 12 months.
The news about Allianz Worldwide Care comes ahead of a planned data-protection conference in Dublin on Tuesday.