The UK branch of Zurich Insurance has reported the loss of a back-up data tape in South Africa that contained the details of 51,000 general insurance customers.
It claimed that it had written to the customers and ‘other parties in the UK' to inform them of the loss and the remedial actions being taken.
It claimed that the back-up tape was lost during a routine transfer within South Africa to a data storage centre in August 2008. The back-up tape also held details of customers and other parties in South Africa and Botswana. Zurich UK's investigation into the loss of the back-up tape has revealed deficiencies in the management of data tape security procedures in South Africa.
It found that to date, Zurich UK has seen no evidence to suggest that this data has been misused or compromised.
Annette Court, CEO Europe general insurance of Zurich Financial Services Group, said: “We apologise to any customers affected by this unfortunate matter. We take the security of our customers' data very seriously. What has happened is unacceptable to us.
“At this time, our first and foremost concern is our customers and we are doing all we can to support and assist them in these circumstances and have put in place a dedicated response team to help support them.
“We are implementing the necessary steps to minimise the impact of this situation on our customers. Protecting our customers' interest is at the top of our agenda. We are putting a great deal of investment into strengthening our internal processes to ensure that incidents of this nature do not happen again in the future.”
Jamie Cowper, marketing director EMEA at data encryption firm PGP, said: “Zurich UK's customers might be surprised to hear that their data is being kept in South Africa, a country which is yet to pass the Protection of Personal Information Bill – its equivalent of the Data Protection Act. However, global trends around data outsourcing mean that confidential customer data could be held absolutely anywhere.
“Whilst Zurich has been keen to downplay any assertion that the data could be compromised, unless the tape is recovered it is impossible to be sure. Who can predict what will become of this data in a few months or even a few years' time?
“As with all data breaches – the message here must be absolutely clear. Customer data should always be protected. That means deploying proven solutions, such as encryption, to ensure that sensitive information is fully protected no matter whose hands it falls into.”