The ICO revealed that between 6 January and 11 March 2017, a Bupa employee was able to extract the personal information of 547,000 Bupa Global customers and offer it for sale on the dark web.
https://www.insuranceage.co.uk/regulation/3622121/bupa-fined-ps175000-over-data-security