The FSA has fined the UK branch of Zurich Insurance £2.3m for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information.
The fine is the highest levied to date on a single firm for data security failings and follows the loss of 46,000 customers’ personal details, including information on bank accounts, credit cards, insured assets and security arrangements.
The FSA says the loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited.
In August 2008, Zurich SA lost an unencrypted back-up tape during transfer to a data storage centre but Zurich UK did not learn of the incident until a year later.
By agreeing to settle at an early stage, Zurich received a 30 per cent discount on what would have been a fine of £3.25m.
FSA director of enforcement and financial crime Margaret Cole says: “Zurich UK let its customers down badly.”