Guard.me Suffered Data Breach
Guard.me, a health insurance carrier for students traveling abroad or staying in other countries for education, disclosed a data breach incident to its customers. Last week on May 12th, the platform has taken its website offline after realizing unauthorized access. People visiting the website were redirected to a maintenance page showing the following statement; “Recent suspicious activity was directed at the Guard.my website, and in an abundance of caution, we immediately took down the site. Our IS and IT teams are reviewing measures to ensure the site has enhanced security to return the site to full service as quickly as possible.“ May the incident investigation was done, the platform now started notifying the customers (students) about the data breach. It read as; While it claims to have patched the vulnerability, it didn’t reveal what it was exactly. The data impacted in the breach include the students’ genders, dates of birth, and encrypted passwords. Also, the phone numbers, email, and mailing addresses of some students too were accessed. While the identity of said threat actor wasn’t known, guard. They have strengthened the security practices like using 2FA and database segmentation to avoid future attacks.