Zurich UK gets fined millions over data loss gaffe

The UK branch of Zurich Insurance is in deep doo-doo with the Financial Services Authority for losing a shedload of confidential customer information, and has to pay the largest ever fine levied on a single firm over security problems – a cool £2,275,000.

46,000 customer details were lost by the company, including full identity details as well as bank account and credit card information. Details of insured assets and security arrangements were also lost. It’s the kind of stuff you really don’t want going walkabout. The FSA said the grandiose nature of the gaffe and the potential danger it put customers in are plain unacceptable.

All the lost information leaked while the UK branch tried to outsource it to Zurich Insurance SA in 2008. It lost the back-up tape on the way to a data storage centre, instantly leaking the personal details of tons of customers. As it didn’t give enough of a stuff about security at the time, Zurich UK had absolutely no idea it had made a major gaffe until someone got screwed a year later. Some mothers do ‘ave ’em.

Fair play to Zurich: it threw its hands up and said “We’re crap” to the FSA. Because it admitted being completely hopeless with extremely sensitive information, the FSA gave it a special one-time-only 30 percent discount. It was fined £2,275,000 instead of £3.2 million.

Margaret Cole, FSA director of financial crime, said: “Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later. Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made.”