The Financial Services Authority (FSA) has reported that it has fined Zurich UK £2,275,000 for "failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information". According to the FSA's Final Notice, "the breaches related to the management of risks associated with the security of customer information in the context of certain outsourcing arrangements."
Zurich UK has since taken steps to address the data security issues identified by this incident and in a response Stephen Lewis, Chief Executive of Zurich UK, said that Zurich UK had "commissioned a comprehensive review of... data security systems and procedures and [had] taken a number of steps designed to enhance those procedures." Mr Lewis also said that "We are appointing a dedicated Information Security Officer to provide ongoing assurance that appropriate measures are in place and that they will continue to be effective. We believe our customers can be confident that we are doing everything we can to keep their data secure and protected. The FSA has acknowledged that we fully cooperated with its investigation and recognised that we treated the incident with utmost seriousness and have demonstrated a commitment to take the necessary steps to ensure the on-going security of our customer data."