Zurich Financial Services’ UK unit,
Zurich Insurance plc (Zurich UK), has been fined £2.275m ($3.5m) by the
UK’s Financial Services Authority (FSA) following the insurer’s
loss of 46,000 policyholders’ personal details.
The fine is the largest yet handed
down by the FSA for data security failings.
Zurich’s data security failings
resulted in the loss of personal details including identity details,
and in some cases bank account and credit card information, details
about insured assets and security arrangements.
The data loss occurred at Zurich
UK’s South African unit, Zurich SA, to which processing of some
customer data is outsourced.
In August 2008, Zurich SA lost an
unencrypted back-up tape during a routine transfer to a data
storage centre.
The FSA noted that, because there
were no proper reporting lines in place, Zurich UK did not learn of
the incident until a year later.
“Zurich UK let its customers down
badly,” said FSA director of enforcement and financial crime,
Margaret Cole.
“It failed to oversee the
outsourcing arrangement effectively and did not have full control
over the data being processed by Zurich SA.
“To make matters worse, Zurich UK
was oblivious to the data loss incident until a year later,” Cole
added.