On December 17, 2007, the UK Financial Services Authority (FSA) fined Norwich Union Life — the largest UK insurance company offering instant online insurance — GBP 1.26 million (approx. €1.7 million or US$ 2.5 million) for neglecting to put in place effective systems and controls to protect customers’ confidential information. Because of the weakness of the Norwich Union Life system, fraudsters were able to use publicly available information such as names and birthdates to impersonate customers and obtain sensitive customer details from its call centers. The FSA found out that the insurance company had failed to properly assess the risks of financial crime and therefore its customers were more likely to fall victim to such crimes. Norwich Union settled at the early stage of the investigation and also reinstated its policies in full.
The full text of the notice about a financial penalty is available (in English) at: http://www.fsa.gov.uk/pubs/final/Norwich_Union_Life.pdf