FSA fines Zurich £2.275m over customer data loss

Zurich Insurance's UK arm has been hit with a record £2.275 million fine from the Financial Services Authority (FSA) over the loss of a backup data tape containing the details of 46,000 customers.

  0 Be the first to comment

FSA fines Zurich £2.275m over customer data loss

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The unencrypted tape, containing data on policyholders, including bank account and credit card information for some, went missing in August 2008.

It was lost by the firm's South African business during a routine transfer to a data storage centre but a lack of proper reporting lines meant the issue was only discovered by the UK unit a year later.

Imposing its biggest ever fine on a single firm for data security failings, the FSA says Zurich UK failed to take "reasonable care" to ensure it had effective systems and controls to manage the risks relating to the outsourcing arrangement with the South African business.

The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime. The loss "could have led to serious financial detriment for customers and even exposed them to the risk of burglary" says the watchdog.

However, there is no evidence that the data was actually compromised or misused.

Margaret Cole, director, enforcement and financial crime, FSA, says: "Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA."

Zurich UK says that since the loss it has commissioned a comprehensive review of data security systems and appointed a dedicated information security officer.

Stephen Lewis, chief executive, Zurich UK, says: "This incident was unacceptable. It served to remind us of the need to strive continually to improve the ways in which we seek to protect customers' data."

The firm agreed to settle at an early stage, qualifying for a 30% discount on the fine, which otherwise would have been £3.25 million.

Sponsored [On-Demand Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application Modernisation

Comments: (0)

[Impact Study] 2024 Fraud Trends in Banking, Insurance, and BeyondFinextra Promoted[Impact Study] 2024 Fraud Trends in Banking, Insurance, and Beyond