Following the wake of recent health insurer breaches affecting
Zurich UK lost personal details regarding 46,000 customers' identity, bank-account and credit card information and details of their insured assets, according to a statement from the U.K.'s Financial Services Authority http://www.fsa.gov.uk (FSA). The FSA says that Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA), which lost an unencrypted back-up tape during a routine transfer to a data storage centre in 2008. Due to the lack of efficient reporting lines, Zurich UK didn’t learn of the incident until a year later.
“Zurich UK let its customers down badly,” says FSA Enforcement Chief Margaret Cole in a statement. “It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.”
The fine is the fourth the FSA has levied for data loss, it says, and the largest fine against a single firm for failing to protect data. In July last year, the regulator fined three HSBC Holdings PLC units a total of $5 million (£3.2 million) for losing customer information in the mail. Nationwide Building Society and Norwich Union PLC also have been fined for losing data.