Insurance firm RSA hit with £150,000 fine in UK over stolen customer data
The UK's Information Commissioner's Office (ICO) has fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 for failing to keep customers’ information safe.
An ICO investigation examined the theft of a hard drive device containing RSA customers’ personal data, including their names, addresses and bank account information as well as their account numbers and sort codes.
The investigation also found that the stolen hard drive held certain credit card details of 20,000 customers. However, according to the data protection regulator, the CVC numbers and expiry dates remained secure.
Its enforcement officers determined that RSA did not have adequate measures in place to keep its customers’ financial information secure. The theft in question happened at RSA’s offices in West Sussex.
ICO enforcement head Steve Eckersley said that customers place their trust in firms to store their information securely, especially when it contains financial information.
Eckersley added: “When we looked at this case we discovered an organisation that simply didn’t take adequate precautions to protect customer information. Its failure to do so has caused anxiety for its customers not to mention potential fraud issues.”
“There are simple steps companies should take when using this type of equipment including using encryption, making sure the device is secure and routine monitoring of equipment. RSA did not do any of this and that’s why we’ve issued this fine.”
According to the ICO, the hard drive was stolen from the firm’s premises either by a staff member of the London-based general insurance firm or by a contractor. The data on the device, which was never recovered, was also unencrypted, the watchdog stated.
Image: The ICO fined RSA £150,000 for allegedly compromising the safety of the personal data of nearly 60,000 customers. Photo: courtesy of Information Commissioner’s Office.