guard.me claims to already have released a patch

May 19, 2021 11:34 GMT  ·  By

Following a recent cyberattack, the website of international education insurance company guard.me is still unavailable.  

The global business stated on its homepage “Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site”.

“Our IS (information systems) and IT (information technology) teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible”.

guard.me scereenshot

Guard.me is one of the world's largest insurance carriers that is specialized in offering health insurance to students who are traveling or studying in another country.

Clients received notifications regarding guard.me data breach 

On Monday, guard.me began emailing students a data breach warning, stating that a website vulnerability enabled unauthorized persons to access policyholders' personal information, as seen by BleepingComputer.

Guard.me data breach notification says "In the late evening of May 12, 2021 our Information Systems team discovered unusual activity on our website and as a precaution they immediately took down the website and took immediate steps to secure our systems. The vulnerability has been addressed.  Our experts are diligently investigating the matter further".

This flaw allowed cybercriminals to gain access to students' birth dates, genders, and encrypted passwords. Some students' email addresses, physical addresses, and phone numbers were exposed as well.

The identity of the cyber attackers is unknown by now.

The insurance company claims to have patched the flaw  

Guard.me claims to have patched the vulnerability and that it working on circumventing the additional protections.  The insurance company claims to be implementing new security measures, such as database segmentation and two-factor authentication.

Since guard.me is a Canadian corporation, it is unclear if the breach was reported to the Privacy Commissioner of Canada.

Photo Gallery (2 Images)

guard.me cyberattack
guard.me scereenshot
Open gallery