Details of 20,000 Allianz customers compromised in data breach
A global insurance company based in Dublin has suffered a data breach affecting up to 20,000 people.
Allianz Worldwide Care, which is a division of Allianz and describes itself as a global provider of international private medical insurance for big companies’ employees, mistakenly sent out customer invoices to the wrong recipients in late December. It said that this impacted 83 corporate clients, possibly totalling 20,000 insured employees.
The company, which operates from Park West in Dublin, said that the affected customers are all located outside Ireland. It said that it has clients in over 160 countries worldwide.
The office of the data protection commissioner confirmed that the company had contacted it in relation to a data breach and that it was assessing the matter. The company said that it had begun communicating with affected customers in relation to the data breach.
“In 2012 we commenced a project to upgrade the output management of our existing invoicing system,” said a statement from the company. “This project was ongoing for over a year and, following the normal project lifecycle of documentation, development and testing, it was implemented at the end of 2013 as part of an approved scheduled roll out.”
“Shortly after its implementation on December 30th, we were notified by one of our Swiss-based brokers that he had received invoices for Allianz Worldwide Care clients that were not relevant to him. Immediately upon notification, we switched off the invoicing system, identified the cause and deployed a code fix rectifying the issue.”
“In parallel, we carried out a full investigation and concluded that it was only invoices related to the 29th/30th December that were affected and that one other broker, based in France, had also received client invoices not relevant to his book of business.”
The company said that the data breach relating to the invoices was limited to names and dates of birth. It also said that the broker-recipients had now told them that the documentation had been destroyed.
“From time to time, human error can cause problems with even the most robust of systems, but our IT team has since put in place additional functions to ensure that this error will never happen again,” said the company statement.
“We are confident that this matter was contained within the confines of the business and its partners and would like to assure our clients that we have robust systems in place right across the business, all of which are rigorously tested and only rolled out if fit for purpose.”
Last week, a major survey by The Irish Computer Society revealed that one in two Irish companies had suffered a data breach in the last 12 months.
The news about Allianz Worldwide Care comes ahead of a planned data protection conference in Dublin o Tuesday, which is expected to outline ways to fight data protection leaks.
A company spokesman said that as the mistaken recipients of the customer information had contractual relationships with Allianz, the affected customers' security was not compromised.