Norwich Union fined for exposing customers to ID theft

Insurance giant Norwich Union has been fined £1.26 million by the Financial Services Authority (FSA) for security systems failures that resulted in 74 customers being defrauded of £3.3 million.

Inadequate systems and controls at the insurer’s call centres allowed fraudsters to obtain sensitive customer details, including confidential customer records such as addresses and bank details. The fraudsters then used the information to successfully impersonate 74 customers and cash-in their policies worth £3.3 million in total.

According to the City watchdog, Norwich Union Life, the insurer’s life insurance arm, failed to address the systems failures even after they had been identified by the company’s own compliance department.

“Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure,” said the FSA's director of enforcement, Margaret Cole.

The FSA’s record fine outstrips the £980,000 penalty issued against building society Nationwide in February for failing to encrypt a stolen employee laptop containing information relating to 11 million customers.

Cole said the size of the fine should act as a “clear message” to the financial services industry that information security must be taken seriously.

“It is vital that firms have robust systems and controls in place to make sure that customers’ details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft,” she added.

The insurer has fully co-operated with the FSA during the investigation, leading to a number of arrests.

Norwich Union Life is one of the UK's largest life insurance businesses with 6.8 million customers in the UK.

The insurer is one of a handful of financial services organisations to incur the wrath of the FSA in relation to information security and data theft issues.

The watchdog’s powers of enforcement within the finance sector are among the strongest and most extensive currently in existence in the UK – outstripping even those afforded to the Information Commissioner’s Office.

This issue was recently highlighted by information security expert and cross-bench Peer Lord Erroll, who has campaigned for the ICO to be granted similar punitive powers to the FSA in order to ensure consumers are properly protected from the risk of fraud and identify theft across the board.

Further reading 

Lord Erroll: HMRC breach a "godsend"

McAfee: Cyber-espionage resource drain

MI5: E-espionage resource drain

Inside job

UK child database delayed

HMRC breach sparks finance fears

Find more stories in the Security & Continuity Briefing Room

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics