£2.28 million fine for Zurich Insurance's data loss
Zurich Insurance's UK branch has been fined £2.27 million by the Financial Services Authority (FSA) as punishment for losing the details of 46,000 customers. In 2008, Zurich lost an unencrypted backup tape containing the data while the tape was being transferred to a South African data storage centre. The records included customer identities, bank account, credit card and other financial information. The company did not become aware of the loss until a year later. The fine is, to date, the largest company fine for a single data loss, although HSBC were fined £3 million in 2009 for a number of separate losses of customer data.
Because the company agreed to settle early in the FSA's investigation, the fine was reduced by 30%. Without that cooperation the fine would have been £3.25 million. Margaret Cole, the FSA's director of enforcement and financial crime, said the company had "let its customers down badly", noting that the company failed to effectively oversee its outsourcing and lacked full control of the data being processed in South Africa. "Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made," added Cole. The FSA say that, according to Zurich UK, there is no evidence that the lost data has been misused.