Norwich Union fined over security lapsesInsurer exposed customers to risk of fraud

17 December 2007

A pile of notes and coins.

Insurance giant Norwich Union Life has been fined £1.26 million for failing to protect customers' confidential information.

The Financial Services Authority (FSA) said the company’s failings meant fraudsters were able to steal £3.3 million from customers.

The thieves used publicly available information such as names and dates of birth to impersonate customers and obtain sensitive personal details from its call centres.

Financial crime

The FSA said that in some cases they were also able to ask for confidential customer records such as addresses and bank account details to be altered.

The fraudsters then used the information to cash in the policies of 74 customers.

The FSA said that Norwich Union Life had failed to properly assess the risks posed to its business by financial crime, including criminals seeking to obtain customers' confidential information.

Identity theft

The thieves targeted 632 customers in total. Margaret Cole, FSA Director of Enforcement, said: ‘Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure.

‘It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft.

‘This fine is a clear message that the FSA takes information security seriously and requires that firms do so, too.’

The FSA said that Norwich Union Life had fully reimbursed the 74 customers hit, and co-operated with the FSA and police to tackle the fraud. There have been 11 arrests in connection with the case so far.