Zurich Insurance admits big data loss
Zurich Insurance has admitted losing the personal account details for more than half a million people more than a year ago. 51, 000 British customers' details were on the tape, along with hundreds of thousands of details from people in South Africa and Botswana. They should have received letters warning them of the loss in …
... they are facing up to it... a YEAR later.
... with an ID card, we'd never need worry about losing any personal data ever again.
Let's see what country is (roughly) between London and South Africa? Ooh look! It's Nigeria. I wonder what would happen if they go hold of the data...? (rhetorical)
I predict a spate of 419 scams....
I also wonder what punishment the ICO or FSA will mete out? I small fine, I suspect :(
Finally, what the hell were they doing sending tapes to SA in the first place...? That's taking offiste backup to an extreme!
"We've hired KPMG to find out why it has taken so long for this loss to come to light."
Trans.: "We've hired KPMG for PR purposes so that we can say we've hired KPMG to find out why it has taken so long for this loss to come to light."
Tape? Was it sent on a steam boat?
Maybe someone should explain to them about secure networks.
No, it's not. This is simply called outsourcing where the most cost effective (euphemism for cheapest) tender gets awarded. And this happened to be in SA. I'd like to add this is just uninformed speculation on my part and I'm connected neither to Zurich nor its auditors.
EA
Zurich have systems based in SA that look after UK customers.
Its categorically NOT a tax dodge...
Oh. Wait.
Zurich have recently announced that they are out-sourcing all of their IT (globally) to CSC.
Problem solved.
What use is it telling anyone a over a year after the event?
Can we assume yet another big organisation has f*cked up without all data (CDs, USB stick, backup tapes, etc) being encrypted and proper password management being in place?
The lack of reassurance on this point suggests they have...
yeah, yeah, yeah. If the gov itself wasn't so slap-happy with peoples data we might then see some huge freakin fines to make sure companies don't do it again... and another huge freakin fine for covering it up for a year (putting victims at further risk). Dreamin', I know, I'm dreamin'
Hmmm, now if it was me "losing" company/gov data then I'm sure I would swiftly be dragged into court and made out to be a "terrorist" of epic proportions. Must be nice to able to hide under the skirt of institutionalised incompetence.
So with the postal strike we can all wait another couple of months before finding out if we are on the list.
Must be a good time to post bad news.
Let me guess - The tape was on it's way to a certain Ferrous Hill's storage facillity and got lost. The tape had a 1 year retention and it was only discovered that it was lost when the aforementioned company failed to return it, they investigated and found that the tape had never been checked in to their storage facillity, but Zurich can show that it left their datacentre.
Not that I've seen this happen time and time again. (Anon for obvious reasons)
Oh and if you think tape is old technology you really don't know much about storage.
Wasn't their ad slogan "because change happenz", as an amusing adaption from "shit happens".
Perhaps they should resort to the original?
"I also wonder what punishment the ICO or FSA will mete out?"
ROTFL
See "A trip to the ICO’s security-free world " on http://www.telegraph.co.uk/finance/comment/citydiary/6275124/City-diary-Tories-and-tramps-are-ready-for-change.html
I thought data on UK people was subject to UK and Common Market strictures.
It's bad enough having the Blair/Brown enterprise opening up everyone's privacy for unaccountable civil servants, 'intelligence' types and police to rifle through without account, now we have the same risk from the South African government.
Maybe people completing forms should write on them this data is not permitted to leave the geographical UK.
That the bank would treat my mortgage in the same way!
Going by the Zurich web site it's only people with "Zurich Private Clients, Zurich Special Risks and Zurich Business Insurance Direct" policies who are affected not things like car insurance. Although there'd be some juicy info in some of those, probably more so than car insurance for example.
Still wondering how on earth they manage to lose this stuff and what the couriers say.
there has been no misuse of the data? The thieves are hardly likely to be taking out insurance policies.
