Zurich Insurance has been hit with a £2.3 million penalty by the UK’s Financial Services Authority after it lost data relating to 46,000 of its customers.
The fine has been applied to the UK branch of the insurance giant after it lost customers’ sensitive data, including information on their identities, bank accounts and credit cards.
Interesting Links
Stolen bank data used to hunt tax evaders Spanish authorities the latest to use account details stolen from HSBC to investigate tax evasion
Underwritten rules Specialist insurer Hiscox has used rules management to overcome the complexity of operating across multiple channels
The data was lost after Zurich’s South African subsidiary, which is repsonsible for processing customer data, misplaced an unencrypted back-up tape during a routine data transfer in 2008.
The company itself was not aware of the incident until a year later. The FSA said this fact reflected inadequate internal reporting procedures.
“[Zurich] failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA,” said Margaret Cole, FSA director of enforcement and financial crime in a statement. “To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.”
There is no reason to believe that any of the data has been compromised, the FSA says.
Zurich’s fine is the largest ever levied on any single organisation for data security failings. Previously, the FSA has handed out charges of £2 million and £1 million to HSBC and Nationwide respectively for data loss incidents.