Staysure, a British company that provides travel insurance, has suffered a data breach. The company said that hackers broke into its servers in the second half of October 2013, but the breach was detected only in mid-November.
In a notice posted on its website, Staysure reveals that the attackers stole names, addresses, encrypted payment card details, and CVVs.
The information belongs to customers who had purchased insurance before May 2012. After this date, Staysure stopped storing this type of data.
Around 93,000 people (less than 7% of the customer base) might be impacted. The insurer has started sending out notification letters to affected individuals. The police, the ICO and the Financial Conduct Authority have also been notified.
The company is confident that the vulnerabilities exploited by the cybercriminals have been patched. Customers are being offered free access to Experian’s identity fraud monitoring service Data Patrol.