[Dataloss] follow-up: Insurer gets record fine for ID theft disaster
security curmudgeon
jericho at attrition.org
Tue Dec 18 07:00:53 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.techworld.com/security/news/index.cfm?newsID=10952
By John E. Dunn
Techworld
17 December 2007
A UK insurance house has been slapped with a record fine by the Financial
Services Authority (FSA) watchdog for incompetent customer account
security.
The latest offender is Norwich Union, which allowed fraudsters to
impersonate customers when phoning its call centres, cashing in policies
on an astonishing 74 occasions out of a total of recorded 632 attempts.
The criminals 11 suspects have now been arrested were able to steal a
total of 3.3 million during the scam, which took place in 2006.
The FSA has hit the company with a 1.26 ($2.6 million) million fine, a
record for the UK, and even larger than that levied on The Nationwide
Building Society earlier this year for losing a laptop full of unspecified
customer data in August 2006. The Norwich Union only avoided an even
larger fine of 1.8 million ($3.6 million) by promptly settling the charges
with the industry regulator, and agreeing to tighten up its procedures.
[..]
More information about the Dataloss
mailing list