Almost 20,000 Australian private health insurance holders of Bupa are being contacted after their personal data was leaked by a rogue employee.
Bupa Global says a staff member of its international health insurance division has “inappropriately copied and removed some customer information from the company”.
Customer names, dates of birth, nationality, contact information and administrative details, including membership numbers are potentially affected.
But peoples' financial details and medical information are not.
The breach affects customers who work overseas or travel on a regular basis.
Globally, it affects over 540,000 people - with around 19,595 being Australian customers.
“It is important to point out that this was not a cyber attack or external data breach,” Bupa’s Australian arm said in a statement.
“It was [a] deliberate act by an employee in the UK who had no access to customer data for the Bupa Australia Health Insurance business, which is kept on separate systems.”