Zurich UK fined £2.275m by FSA
by Richard Kilner
Story link: Zurich UK fined £2.275m by FSA
Zurich Insurance Plc (Zurich UK) has been fined £2,275,000 by the Financial Services Authority (FSA) for having inadequate systems and controls in place to safeguard customers’ confidential information.
The fine is a record for a single firm that failed in its obligation to provide proper data security.
The fine comes after the loss of 46,000 customers’ personal details (including some bank and card details), exposing customers to risk of financial damage or burglary.
Zurich UK has found no sign that the missing information has been used by a malevolent individual or group, however.
Two years ago, Zurich Insurance Company South Africa Limited (Zurich SA), to whom Zurich UK outsources some processing duties, lost an unencrypted back-up tape, a fact which was only learnt of by Zurich UK a year later due to inadequate reporting lines.
Margaret Cole, the FSA’s director of enforcement and financial crime, has said that Zurich UK let its customers down badly by its failure, which was only discovered a year after the event.
Had Zurich not agreed to settle early, it would have been handed a fine of £3.25m.