Friday 18 June 2021, Security Guide (Poradnik bezpieczeństwa)

Client data of one of the insurers leaked

Lost24

UNIQA, the owner of AXA, sent emails without using the BCC (blind carbon copy) field, revealing the data of 1000 customers in each email. As a reminder, the BCC option lets you send a message to multiple recipients without disclosing sensitive data: recipients cannot see each other's email addresses.


According to the Niebezpiecznik portal, UNIQA first sent out emails revealing the data of 1000 customers in each email, and then revealed the same data again when the "email cancellation" mechanism was used.


The message concerned a change in the terms and conditions of using the PPK online service for the Employing Entity. It should be noted that the message recall feature works only within the email sender's organization. As Niebezpiecznik emphasizes, the message will disappear only from the mailboxes of UNIQA employees, who were not the recipients; the email itself was sent to UNIQA customers.


According to one reader, the email with the "cancellation" arrived after the Data Protection Officer had been contacted.
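Because a recall cannot undo a message once it has left the organization, the exposure described above has to be caught before sending. The following is an added example, not part of the original article or any UNIQA system: a pre-send check that blocks messages listing several external addresses in To/Cc, alongside two safe ways to build the mailing. The domain names, the threshold and the sample addresses are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "insurer.example"  # assumption: the sender's own mail domain
MAX_VISIBLE_EXTERNAL = 1             # assumption: policy limit per message

def visible_external(msg, internal_domain=INTERNAL_DOMAIN):
    """External addresses that every recipient can read (To and Cc headers)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    addrs = {addr.lower() for _, addr in getaddresses(headers) if addr}
    return sorted(a for a in addrs if not a.endswith("@" + internal_domain))

def check_outbound(msg, limit=MAX_VISIBLE_EXTERNAL):
    """Raise before sending if customers would see each other's addresses."""
    exposed = visible_external(msg)
    if len(exposed) > limit:
        raise ValueError(f"{len(exposed)} external addresses visible in To/Cc")
    return True

def build(sender, to, subject, body, bcc=()):
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(to)
    if bcc:
        # smtplib's send_message() delivers to Bcc but does not transmit the header
        msg["Bcc"] = ", ".join(bcc)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

def per_recipient(sender, recipients, subject, body):
    """One message per customer: no header ever lists another customer."""
    return [build(sender, [r], subject, body) for r in recipients]

# Constructed sample data, not taken from the incident.
SENDER = "notices@insurer.example"
CUSTOMERS = [f"contact{i}@employer{i}.example" for i in range(1, 6)]

if __name__ == "__main__":
    leaky = build(SENDER, CUSTOMERS, "Terms update", "See attached.")
    try:
        check_outbound(leaky)
    except ValueError as err:
        print("blocked:", err)
    safe = build(SENDER, [SENDER], "Terms update", "See attached.", bcc=CUSTOMERS)
    print("bcc variant ok:", check_outbound(safe))
```

The same check can run in a mail gateway or a send wrapper, so the decision does not depend on the person composing the mailing.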