A few days ago, BARMER Krankenkasse announced that one of its IT service providers had already been attacked on May 31, 2023. According to an internal letter, data from the users of a bonus program has probably been leaked. It will be further investigated.
Although the BARMER homepage talks about an attack on a security gap at an IT service provider, the question of data leakage is still being examined. The security gap was probably closed immediately and there was never a connection to the BARMER IT environment. The authorities have been informed of the incident. The whole thing sounds exactly like the attacks on many other health insurance companies in recent times and their provider Bitmarck.
Expired: rewards program user data
A letter has now become known in which BARMER informs that data for a bonus program has been leaked. According to the MDR, it should also contain important things such as names, insurance numbers and account numbers in addition to the bonus points. In the past, such data has usually always ended up on the Darknet for sale.
Customers should keep an eye on their account and report any anomalies immediately. The Barmer writes "Unfortunately, we cannot rule out that the leaked data will be used on the Internet or that third parties will pretend to be the persons concerned". It also says "We very much regret this criminal incident and are doing everything we can to avoid possible damage".
Claim for damages?
The MDR writes in its article that personal data from various hacker attacks were misused by cybercriminals. In some cases, spam emails have been sent on their behalf or the information has been used in a scam. If damage occurs here, we can according to MDR Affected parties may assert this. In the past there were probably some court decisions that suggest this.
More at Barmer.de