The health insurance company Barmer and its insured persons have become victims of a hacker attack. An external service provider that handles Barmer’s bonus program was the victim of an attack. Sensitive data, such as the bank details of Barmer customers, fell into the hands of third parties. This data leak raises questions about the security of personal information and the protection of users.

The extent of the hacker attack is being investigated

Barmer drew attention to the hacker attack in mid-June with a terse press release. It indicated that the service provider had been hacked and that an investigation was underway to determine whether Barmer’s own data had also been accessed. The service provider has since closed the security leak. Nevertheless, the incident has already had consequences for some insured persons.

Customers are informed about the data theft

According to reports from the tech magazine “Golem,” Barmer is currently informing affected customers about the theft of their data. In the letters to policyholders, Barmer regrets the incident and apologizes for any inconvenience caused. In doing so, it emphasizes that its own IT systems were not compromised. An external service provider that handles the bonus program was the target of the attack:

External service provider targeted in attack

The hacker attack was specifically targeted at the external service provider that manages Barmer’s bonus program. The company Majorel, with over 82,000 employees and more than 500 customers, was targeted by the attackers. Barmer emphasizes that its own IT systems were not affected. However, this raises questions about service provider control and controls when working with external partners.

Sensitive data falls into the wrong hands

The data theft is particularly worrying because not only first and last names of insured persons are affected, but also sensitive information such as health insurance numbers, bank details and premium amounts. This personal data can be misused by criminals for various purposes, especially phishing attacks.

The danger of phishing attacks

The loss of such sensitive data can lead to an increased risk of phishing attacks. Criminals could try to use the stolen information to take over accounts of the affected policyholders. In doing so, they may impersonate the affected individuals and attempt to gain access to their financial information or other personal data. Barmer therefore warns those affected of this danger and emphasizes that it cannot be ruled out that the leaked data will be used on the Internet.

Conclusion: protection of personal data remains a challenge

The recent cyberattack on Barmer’s service provider and the theft of sensitive data from policyholders once again highlights the challenges that companies and users face when it comes to protecting personal data. It is vital that companies take appropriate security precautions, particularly in the area of managing and controlling service providers, to prevent such attacks and ensure the security of their customers’ data.

Subscribe to our newsletter

and stay always updated on data protection.