Zurich fined £2.2m by FSA
Zurich Insurance, which has an office in Birmingham, has been fined £2.27m after losing the personal details of 46,000 policy holders. The fine, levied by the Financial Services Authority (FSA), is the highest to date to a single firm for data security failings.
The security failure was unearthed following the loss of 46,000 customers’ identity details, including bank account and credit card information in some cases.
The FSA said that the loss could have led to “serious financial detriment for customers and even exposed them to the risk of burglary”.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa (Zurich SA), which in turn misplaced an encrypted back-up tape in August 2008. As there were no proper reporting lines in place Zurich UK did not learn of the incident until a year later.
Margaret Cole, the FSA’s director of enforcement and financial crime, said:
“Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.
“To make matters worse, Zurich UK was oblivious to the data loss incident until a year later. Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made.”
