International student insurance provider Guard.me had to take its website down due to recent suspicious data breach activity that had impacted its platform.
Data breach impacts Guard.me’s data:
Guard.me is one of the leading international student insurers that helps students in providing health insurance when traveling or pursuing international education.
The recent suspicious activity was reportedly attributed to a third-party potential threat actor accessing the insurer company’s accessing policyholders’ personal data as a result of a vulnerability in its website.
Addressing the data breach and notifying impacted parties:
Consequently, the report of the data breach was displayed on the guard.me website. As of writing the news, Visitors getting directed to the website are greeted with the following and only message:
“Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site. Our IS and IT teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible.”
The notice further displays contact details to reach the organization for any sort of information or grievances.
“We sincerely apologize for this disruption and any inconvenience it may cause” notes Guard.me.
According to BleepingComputer, the insurance provider has started notifying students via email of the data breach incident stating that a website vulnerably facilitates an unauthorized party to access policyholders’ personal information.
“In the late evening of May 12, 2021, our Information Systems team discovered unusual activity on our website and as a precaution, they immediately took down the website and took immediate steps to secure our systems. This vulnerability has been addressed. Our experts are diligently investigating the matter further,” says Guard.me data breach notification.
Reportedly, sensitive student data such as date of birth, gender, and encrypted passwords, as well as email IDs, addresses, and phone numbers in case of some students.
The insurance provider has since ascertained that the vulnerability has been patched up and that particular security measures are taken up by Guard.me’s cybersecurity team to mitigate any future hazards.
It has been proposed by Guard.me that the company is instituting novel policies for enhanced security, including database segmentation and two-factor authentication.