Back
FSA fines Zurich record £2.2 million for data breach
24 August 2010
The Financial Services Authority has fined Zurich Insurance £2.27 million for the loss of computer back-up tapes containing the details of 46,000 policy holders. Zurich failed to have the systems in place to prevent the loss of confidential information from clients including bank and credit card details, according to the FSA. The unencrypted back-up tape was lost when Zurich UK outsourced the processing of information from its general insurance customers to its South African arm. Zurich South Africa lost the tapes during a routine transfer to a data storage centre but Zurich UK did not learn about the loss until a year later. ‘Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA,’ said Margaret Cole (pictured), FSA director of enforcement. ‘To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.’ Zurich agreed to settle at an early stage of the investigation which led to its fine being cut from £3.25 million. The FSA noted that this was the largest fine levied against a single firm for data security filings. Zurich informed customers that it had lost this information in October 2009 and has commissioned KPMG to review its procedures. ‘This incident was unacceptable,’ said Stephen Lewis, chief executive of Zurich Insurance. ‘We believe our customers can be confident that we are doing everything we can to keep their data secure and protected.’ Published by CityWire
