The student health insurance conveyor guard.me has laid hold of their website offline after an exposure allowed a threat actor to access policy holder’s personal info.
Guard.me is one of the world’s largest insurance conveyors, specializing in dispense health insurance to the students while traveling or studying overseas or in any other country.
Guard.me discovered malicious activity on their website that guided them to take down their website. When looking in on the website, the visitors are commonly redirected to a page called maintenance page warning that the site is down now as the insurance provider increases the security on site.
Recent sceptical activity was directed at the website guard.me and in plenty of defencelessness we immediately took down the functioning of the site. They said our IS and IT teams are reviewing the measures to make sure that the site has improved it’s security in order to get back the site to full services as quickly as possible.
Today, guard.me began emailing students notification of a data breach seen by the BleepingComputer that states a website vigilance allowed unsanctioned persons to get access to policyholder’s personal info.
In the very late evening of May 12, 2021 our Info System’s team discovered an uncommon activity on this website and as a forethought they immediately took down the website’s functioning and took immediate measures to secure our systems. This defencelessness has been addressed. Guard.me data breach notification says that our experts are continuously investigating the matter further.
This defencelessness allowed the threat actor to gain access to the student’s date of birth, gender, and also encrypted passwords. For some of the students, their email addresses, mailing addresses, and also their phone numbers were out.
Guard.me states that they have fixed the defencelessness and that it has resisted further attempts by their cybersecurity team to bypass the supplementary safeguards.
The insurance conveyor also states that they are instituting the new policies for increased and additional security, including the database segmentation and two-factor authentication.
It being a Canadian company, it is not clearly known that if guard.me disclosed the breach to the Privacy Commissioner of Canada and has not yet responded to BleepingComputer’s requests for more info on that matter.