LONDON - The UK Financial Services Authority (FSA) has fined Norwich Union Life £1.26 million for exposing its customers' confidential information to fraud.

Several external fraud incidents took place, due to poor systems and controls at the firm, which resulted in a number of customers' names and dates of birth becoming publicly available. The fraudsters gained further confidential account access and information by impersonating customers in calls to the firm's call centres.

In all, 74 customers' policies - totalling £3.3 million - were surrendered to identity theft scams during 2006. The FSA said Norwich Union Life had failed its customers by not keeping their information secure and not properly assessing its fraud risk.

The company's own compliance department reported to superiors on the exposure after it had taken place, but nothing was at first done to rectify the problem. Norwich Union Life co-operated with the FSA investigation, conducting a review of information security processes and reinstating the policies in full.

Margaret Cole, FSA enforcement director, says: "This fine is a clear message that the FSA takes information security seriously and requires that firms do so too."

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here