A London-based insurance group has been fined £150,000 by the Information Commissioner’s Office (ICO) after the loss of nearly 60,000 customers’ financial data.
Royal & Sun Alliance Insurance failed to keep customers’ information safe by not taking appropriate measures to prevent theft at its offices in west Sussex.
A hard drive was stolen between May and July 2015 containing 59,592 customers’ names, addresses and bank account details including account numbers and sort codes.
The device, not yet recovered, also held limited credit card details of 20,000 customers.
The ICO enforcement officers found the device was stolen from company premises either by a member of staff or a contractor.
It said the information on the hard drive was not encrypted and the room it was stored in did not have CCTV.
The ICO said the company also failed to restrict access to the room to essential staff and contractors.
The fine must be paid by February 8. If it is paid in full by February 7 the fine will be reduced by 20 percent to £120,000 unless the company appeals.
Steve Eckersley, head of enforcement at the ICO, said: “Customers put their trust in companies to keep their information safe, particularly financial information.
“When we looked at this case we discovered an organisation that simply didn’t take adequate precautions to protect customer information.
“Its failure to do so has caused anxiety for its customers not to mention potential fraud issues.”