Insurance giant Norwich Union has been fined £1.26 million by the Financial Services Authority (FSA) for security systems failures that resulted in 74 customers being defrauded of £3.3 million.
Inadequate systems and controls at the insurer’s call centres allowed fraudsters to obtain sensitive customer details, including confidential customer records such as addresses and bank details. The fraudsters then used the information to successfully impersonate 74 customers and cash-in their policies worth £3.3 million in total.
According to the City watchdog, Norwich Union Life, the insurer’s life insurance arm, failed to address the systems failures even after they had been identified by the company’s own compliance department.
“Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure,” said the FSA's director of enforcement, Margaret Cole.
The FSA’s record fine outstrips the £980,000 penalty issued against building society Nationwide in February for failing to encrypt a stolen employee laptop containing information relating to 11 million customers.
Cole said the size of the fine should act as a “clear message” to the financial services industry that information security must be taken seriously.
“It is vital that firms have robust systems and controls in place to make sure that customers’ details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft,” she added.
The insurer has fully co-operated with the FSA during the investigation, leading to a number of arrests.
Norwich Union Life is one of the UK's largest life insurance businesses with 6.8 million customers in the UK.
The insurer is one of a handful of financial services organisations to incur the wrath of the FSA in relation to information security and data theft issues.
The watchdog’s powers of enforcement within the finance sector are among the strongest and most extensive currently in existence in the UK – outstripping even those afforded to the Information Commissioner’s Office.
Lord Erroll: HMRC breach a "godsend"
McAfee: Cyber-espionage resource drain
MI5: E-espionage resource drain
HMRC breach sparks finance fears
Find more stories in the Security & Continuity Briefing Room