U.K. regulator the Financial Services Authority has hit Zurich Insurance with a record fine for failing to keep confidential customer information safe.

Zurich lost the personal details of 46,000 customers, including in some cases their bank and credit card information.

The regulator found that the company did not have adequate systems and controls in place to prevent the data loss and fined it £2.275m ($3.51 million). The firm earned a 30 percent discount because it settled early: The fine would have been £3.25m ($5.02 million) otherwise.

The insurance company’s U.K. arm had outsourced the processing of some of its customer data to its South African business, Zurich SA, which lost an unencrypted back-up tape during a routine transfer to a data storage center.

The U.K. business did not learn about the loss until a year later because there were no proper reporting lines in place.

"Zurich U.K. let its customers down badly,” said Margaret Cole, the FSA’s director of enforcement and financial crime. “It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed.”

The company's U.K. chief executive, Stephen Lewis, said Zurich has improved its data security systems and procedures, including appointing a dedicated information security officer to provide ongoing assurance. “We are doing everything we can to keep [customer] data secure and protected,” he said.

Topics