Travel insurer Staysure warns 93,389 customers after card data hacked

Bob Howard reports:

The travel insurer Staysure has warned customers that some of their sensitive bank card details may have been stolen after its IT security was breached.

Some 93,000 people who bought policies prior to May 2012 may be at risk, it said.

Staysure said it believed hackers may have stolen the three digit Card Verification Value (CVV) numbers of some policy holders.

Read more on BBC. It appears that card information was encrypted but CVV numbers, stored under their legacy system, were not encrypted.

Yesterday the firm posted this notice on their website, linked from their home page:

In December 2013 we wrote to a group of our customers to tell them that our systems suffered a cyber attack during the second half of October 2013.

In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data.

We became aware of the problem on November 14, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner’s Office and the Police. We immediately hired independent forensic data experts to fully ascertain the extent of the problem and have written to 93,389 affected customers, which represents fewer than 7% of our customer base, to warn them and to ask them to check that they have not been the victims of any fraud as a result.

We have also offered those customers free access to Data Patrol, a comprehensive, identity monitoring service provided by Experian. The service offers 24/7 online identity fraud monitoring, alerting by email if any customer data is compromised. This is supplemented by a telephone based fraud resolution service.

We continue to work with those groups and independent security experts. We immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future.

We are deeply sorry that this has happened and are working diligently to make sure that inconvenience to customers is minimised.

Ryan Howsam
Chief Executive Officer

Action to take:

If we have not written to you, you will not be amongst those affected.

If you are amongst those affected please follow the suggested course of action in our letter, which is to contact your card issuer, check your statements and then take advantage of the free subscription to Data Patrol.

If you are in receipt of our letter and have any concerns or queries please call the numbers provided and we will be pleased to assist you.

Contact Numbers:
0800 007 4540
01604 214 575

Media Enquiries:
If you are a journalist please call our media team on 0207 781 2362