Pupil medical health insurance provider guard.me has taken their web site offline after a vulnerability allowed a risk actor to entry policyholders’ private info.
guard.me is without doubt one of the world’s largest insurance coverage carriers specializing in offering medical health insurance to college students whereas touring or learning overseas abroad.
On Could twelfth, Guard.me found suspicious exercise on their web site that led them to take down their web site. When visiting the web site, guests are mechanically redirected to a upkeep web page warning that the location is down whereas the insurance coverage supplier will increase safety on the location.
“Current suspicious exercise was directed on the guard.me web site and in an abundance of warning we instantly took down the location. Our IS and IT groups are reviewing measures to make sure the location has enhanced safety to be able to return the location to full service as rapidly as doable.” reads the guard.me web site.
Right now, guard.me started emailing college students a knowledge breach notification seen by BleepingComputer that states an internet site vulnerability allowed unauthorized individuals to entry policyholders’ private info.
“Within the late night of Could 12, 2021 our Data Methods group found uncommon exercise on our web site and as a precaution they instantly took down the web site and took fast steps to safe our techniques. The vulnerability has been addressed. Our consultants are diligently investigating the matter additional,” says Guard.me knowledge breach notification.
This vulnerability allowed the risk actor to entry college students’ dates of start, genders, and encrypted passwords. For some college students, their e mail addresses, mailing addresses, and cellphone numbers have been additionally uncovered.
guard.me states that they’ve fastened the vulnerability and that it has withstood additional makes an attempt by their cybersecurity group to bypass the extra safeguards.
The insurance coverage provider additionally states that they’re instituting new insurance policies for elevated safety, together with database segmentation and two-factor authentication.
Being a Canadian firm, it’s not clear if guard.me disclosed the breach to the Privateness Commissioner of Canada and has not responded to BleepingComputer’s requests for extra info.