Zurich loses 51,000 UK customer details
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Back-up tape belonging to UK division of insurance giant goes missing in South Africa
The UK division of insurance provider Zurich has lost the details of 51,000 general insurance customers after losing a back-up tape in South Africa. The company said its investigation into the loss of the tape had “revealed deficiencies in the management of data tape security procedures”.
“We take the security of our customers’ data very seriously. What has happened is unacceptable to us,” said Annette Court, CEO of Zurich’s European General Insurance Financial Services group. “Protecting our customers’ interest is at the top of our agenda. We are putting a great deal of investment into strengthening our internal processes to ensure that incidents of this nature do not happen again in the future.”
Zurich has sent letters to affected customers and appointing auditors KPMG to conduct an investigation into the matter.
Jamie Cowper, marketing director of data encryption firm PGP, observed that Zurich’s loss highlighted issues of cross-border movement of sensitive customer data.
“Zurich UK’s customers might be surprised to hear that their data is being kept in South Africa, a country which is yet to pass its equivalent of the Data Protection Act,” he said, adding that “global trends around data outsourcing mean that confidential customer data could be held absolutely anywhere.”
“Whilst Zurich has been keen to downplay any assertion that the data could be compromised, unless the tape is recovered it is impossible to be sure. Who can predict what will become of this data in a few months or even a few years’ time?”
I could predict what will become of the data. It will be sold from criminal to criminal, and used for the purposes of crime for as long as a criminal can wring yet more personal information out of it.
"Sending a letter" to those customers does NOT PROTECT THEM IN ANY WAY - if the criminals now have their addresses, it would be quite simple to sell those or use those to physically break in to the most promising properties value-wise and rob those customers. For example.
The statements Zurich makes above “We take the security of our customers’ data very seriously. What has happened is unacceptable to us,” is obviously completely untrue.
If they had taking it seriously, they
a) Would not be storing personal data in a non-DPA country
b) Would not have been so careless as to have lost the tape
c) Have had SOME modicum of measures in place to prevent it in the first place
That they did these things, shows to me, that they do NOT take the security of their customers seriously. Or, rather, maybe they DO NOW (when it is far, far too late).
I propose that if any of those 51,000 customers suffer ANY kind of loss in the next 50 years, due to information lost in this incident, that ZURICH foot the bill for that - in full.
If we had strong legislation and CONSEQUENCES for companies who are careless, we would probably find suddenly that information security gets taken seriously, instead of receiving the kind of backpedalling lip service that Zurich gives it.
Based on this article, I will now never use Zurich or any of it's affliates, and I will warn anyone and everyone - do not trust them with your data.
That is my standard reaction to any company that is this disorganised - I want nothing to do with them, I will shop elsewhere.
D.
Report this comment »