Zurich Insurance has been hit with a £2.3 million penalty by the UK’s Financial Services Authority after it lost data relating to 46,000 of its customers.
The fine has been applied to the UK branch of the insurance giant after it lost customers’ sensitive data, including information on their identities, bank accounts and credit cards.
The data was lost after Zurich’s South African subsidiary, which is responsible for processing customer data, misplaced an unencrypted back-up tape during a routine data transfer in 2008.
The company itself was not aware of the incident until a year later. The FSA said this fact reflected inadequate internal reporting procedures.
“[Zurich] failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA,” said Margaret Cole, FSA director of enforcement and financial crime, in a statement. “To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.”
There is no reason to believe that any of the data has been compromised, the FSA says.
Zurich’s fine is the largest ever levied on any single organisation for data security failings. Previously, the FSA has handed out charges of £2 million and £1 million to HSBC and Nationwide respectively for data loss incidents.