Zurich Insurance slammed with £2.28 million fine for losing customer data

by Graham Cluley on August 24, 2010 | Leave a comment

Filed Under: Data loss

Zurich Insurance
The UK branch of Zurich Insurance has been fined a whopping £2.28 million after losing details of 46,000 customers.

The fine, imposed by the Financial Services Authority (FSA), comes as a result of Zurich Insurance losing customers' confidential information when an unencrypted backup tape went missing during its transfer to a data storage centre in South Africa in August 2008.

Lost records included details of customers' identities, and in some cases bank account and credit card information, and other financial information. Questions must be asked as to why this sensitive data was not encrypted at the very least.

The FSA said it was was the highest fine it had yet imposed for a data security foul-up.

The only silver lining is that no evidence has been uncovered that the lost data has been misused by identity thieves, and Zurich Insurance says it has introduced new security measures since the security incident.

BBC News reports that Zurich Insurance could have faced an even tougher penalty if it had not agreed to settle at an early stage of the FSA's investigation. That settlement reduced the fine by 30%, from a possible £3.25 million.

If figures like that make your eyes water, make sure that you are taking steps now to protect the sensitive data that your company holds. All organisations need to take the necessary measures to avoid data breaches, and protect the potential victims of data loss.

<shameless plug>
My colleague Chris Pace is giving a short and practical webcast on Friday 27 August (10am UK time), demonstrating how you can implement effective Data Protection with minimal effort and minimal cost. If you're interested in attending, please register now.
</shameless plug>

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.