Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The UK Financial Services Authority has issued its largest ever fine for a data breach to the UK branch of Swiss insurance giant Zurich.
Zurich was Tuesday given a £2,275,000 ($4 million) fine for losing highly confidential customer information, including bank account and credit card information, details about insured assets and security arrangements.
"Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA," Margaret Cole, the FSA's director of enforcement and financial crime said in a statement.
"To make matters worse, Zurich UK was oblivious to the data loss incident until a year later."
The UK insurance arm had outsourced customer data processing to Zurich Insurance Company South Africa, which in 2008 lost the unencrypted back-up tape, which contained the details of 46,000 customers.
The FSA believed the loss could have exposed customers to the risk of burglary, despite Zurich claiming that it had seen no evidence the data had been misused since it lost it.
The institution should have implemented effective controls to manage data risks that could arose from its outsourcing arrangement, said the FSA.
The regulator had issued previous data loss fines to HSBC, Nationwide and Norwich Union.
HSBC's £3 million data security fine in 2009 topped Zurich UK's, but was spread across three of its brands. HSBC also recently admitted it had downplayed a serious data theft from within the company, when it revealed that not 10 but 15,000 clients were affected.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.