Around 108,000 Bupa Global international health insurance policies have been affected as an employee was found to have copied and removed customer information from the company.
The breech is said to have affected some current and former international health insurance customers, who have policy numbers that begin ‘BI. The policies affected cover 547,000 customers.
The insurer said that the relevant data included names, dates of birth, nationality and some contact and administrative details such as member numbers. However financial details and medical information were not included in the breech.
A previous report suggested that former employee claimed to have 500, 000 to one million records for sale but a Bupa investigation established it was 108,000 policies.
Bupa is contacting the affected customers and warning them "to be vigilant", as well as issuing guidance on how customers can protect themselves from scammers.
The insurer is encouraging concerned customers to contact email@example.com or call a dedicated helpline on +44 (0)203 901 1925.
Globally this affects around 108,000 insurance policy holders covering 547, 000 people. Bupa Global has 1.4m international health insurance customers.
In a statement, Sheldon Kenton, managing director of Bupa Global (formerly Bupa International) said: "We recently discovered an employee of our international health insurance division (which is called ‘Bupa Global'), had inappropriately copied and removed some customer information from the company. Around 108,000 international health insurance policies are affected.
"The information does not include any financial or medical data, and relates to a portion of customers with international health insurance.
"Customers of Bupa's local (domestic) health insurance businesses are not affected, and not all of the Bupa Global division's 1.4 million international health insurance customers are affected.
"We are contacting those customers who are affected to apologise and advise them as we believe the information has been made available to other parties. The data includes: names, dates of birth, nationalities, and some contact and administrative details including Bupa insurance membership numbers. The information was not deleted from our system.
"Protecting the information we hold about our customers is an absolute priority and I would like to assure customers that we are treating this seriously and taking steps to address the situation.
"This was not a cyber attack or external data breach, but a deliberate act by an employee. We have introduced additional security measures and increased our customer identity checks.
"A thorough investigation is underway and we have informed the FCA and Bupa's other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action."
Insurers should take inspiration from start-ups to communicate more effectively with their customers, Rhys Williams strategy director at Quiet Room has urged.
Debbie Kennedy, group head of protection strategy at Royal London, was named 'Personality of the Year' at the Protection Review 2017 awards last night.
Aviva has sold Friends Provident International Limited to a subsidiary of International Financial Group Limited for £340m.
UnderwriteMe's Underwriting Rules Engine has been chosen by insurers in Australia and Asia, along with a second partnership in Ireland.