Categories: SecurityWorkspace

Insurance Company Loses Customer Data

An insurance company has been found in breach of the Data Protection Act after laptops containing 2,000 customers’ details went missing from its offices.

London Mutual Insurance Society was criticised by the Information Commissioner’s Office (ICO) for failing to take adequate precautions to safeguard customer data after eight laptops in total went missing from the company’s Edinburgh offices – two of which held customer data.

The company has not clarified if the machines were stolen or lost and covered both bases in an undertaking to the ICO signed by the company’s chief executive Michael Yardley. “The Information Commissioner (the “Commissioner”) was provided with a report of the theft or loss of eight laptops from the Edinburgh offices of the data controller, which occurred sometime between 15 April and 15 June 2009,” the undertaking stated.

Customer details unencrypted

The undertaking also revealed that the two machines containing the customer data were password protected but not encrypted. “They contained a significant amount of personal data relating to 2,135 individuals,” the undertaking stated. “These individuals were employees of various firms which had sought pension scheme illustrations from the data controller via independent financial advisers.”

According to the ICO, the company did not appear to know where the machines were at any one time or what data they actually contained. “It is particularly concerning that the organisation was unaware of the whereabouts of the laptops at any given time or what information they held,” said Mick Gorrill, head of enforcement at the ICO. “All staff members should be fully aware of the policies and procedures in place to safeguard personal information and should be appropriately trained.”

In January the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition.  The ICO said that more than 800 data security breaches have been reported over the last two years. The ICO warns that companies that approach it voluntarily will still face some action, but those businesses which attempt to cover-up security incidents will be hit with much tougher penalties.

The Conservative Party’s plans to increase privacy and reduce the amount of government data will involve a big increase in the powers of the Information Commissioner, a London meeting heard recently. “Our personal data belongs to us, and the government holds it on trust,” said Eleanor Laing, MP, the shadow Minister for Justice, speaking at a Westminster Legal Policy Forum meeting in London.

In February a mortgage company was found in breach of the Data Protection Act after accidentally emailing details of more than 15,000 customer accounts to the wrong address.

Andrew Donoghue

View Comments

  • It is not uncommon for organizations to report lost or stolen laptop computers that contain sensitive information. Laptops are not the place to store critical information. Responsible company security policies should dictate that sensitive information, whether it be Social Security numbers, credit card numbers or proprietary company information – should be stored in controlled database environment. If this data is stored and protected in the database, database activity monitoring and controls can be implemented to deliver alerts if employees download critical information onto a laptop computer in violation of corporate policy.

    Thom VanHorn, Vice President of Global Marketing, Application Security, Inc.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

4 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

6 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

8 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

1 day ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

1 day ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

1 day ago