The UK branch of Zurich Insurance has been fined a whopping £2.28 million after losing details of 46,000 customers.
The fine, imposed by the Financial Services Authority (FSA), comes as a result of Zurich Insurance losing customers’ confidential information when an unencrypted backup tape went missing during its transfer to a data storage centre in South Africa in August 2008.
Lost records included details of customers’ identities, and in some cases bank account and credit card information, and other financial information. Questions must be asked as to why this sensitive data was not encrypted at the very least.
The FSA said it was was the highest fine it had yet imposed for a data security foul-up.
The only silver lining is that no evidence has been uncovered that the lost data has been misused by identity thieves, and Zurich Insurance says it has introduced new security measures since the security incident.
BBC News reports that Zurich Insurance could have faced an even tougher penalty if it had not agreed to settle at an early stage of the FSA’s investigation. That settlement reduced the fine by 30%, from a possible £3.25 million.
If figures like that make your eyes water, make sure that you are taking steps now to protect the sensitive data that your company holds. All organisations need to take the necessary measures to avoid data breaches, and protect the potential victims of data loss.
My colleague Chris Pace is giving a short and practical webcast on Friday 27 August (10am UK time), demonstrating how you can implement effective Data Protection with minimal effort and minimal cost. If you’re interested in attending, please register now.