In the wake of recent health insurer breaches affecting Anthem Blue Cross and Blue Cross Blue Shield of Tennessee, Zurich Financial Services AG's UK unit was fined $3.5 million (£2.3 million) after losing confidential customer data.

Zurich UK lost personal details of 46,000 customers, including identity, bank-account and credit card information and details of their insured assets, according to a statement from the U.K.'s Financial Services Authority (FSA). The FSA says that Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA), which lost an unencrypted back-up tape during a routine transfer to a data storage centre in 2008. Due to the lack of efficient reporting lines, Zurich UK didn’t learn of the incident until a year later.

“Zurich UK let its customers down badly,” says FSA Enforcement Chief Margaret Cole in a statement. “It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.”

The fine is the fourth the FSA has levied for data loss, it says, and the largest fine against a single firm for failing to protect data. In July last year, the regulator fined three HSBC Holdings PLC units a total of $5 million (£3.2 million) for losing customer information in the mail. Nationwide Building Society and Norwich Union PLC also have been fined for losing data.
