Zurich Insurance Plc (Zurich UK)

What

Loss of personal information including bank and credit card details and details of insured properties.

How much

46,000 records.

Why

Unencrypted backup tape lost by Data Processor.

Regulator

FSA

Regulatory action

Monetary penalty: £ 2,275,000

Reason for action

Zurich did not audit data processor (a Group company in South Africa) and relied on group policies procedures and controls rather than managing the outsourced relationship as with a normal data processor.

When

24 August 2010

Links

View the press release relating to Zurich Insurance on the FSA website

View PDF of the Zurich Insurance Final Notice (via FSA website)

View PDF of the Zurich Insurance Final Notice (Breachwatch archive)