follow-up: Insurer gets record fine for ID theft disaster

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.techworld.com/security/news/index.cfm?newsID=10952

By John E. Dunn
Techworld
17 December 2007

A UK insurance house has been slapped with a record fine by the Financial 
Services Authority (FSA) watchdog for incompetent customer account 
security.

The latest offender is Norwich Union, which allowed fraudsters to 
impersonate customers when phoning its call centres, cashing in policies 
on an astonishing 74 occasions out of a total of recorded 632 attempts. 
The criminals 11 suspects have now been arrested were able to steal a 
total of 3.3 million during the scam, which took place in 2006.

The FSA has hit the company with a 1.26 ($2.6 million) million fine, a 
record for the UK, and even larger than that levied on The Nationwide 
Building Society earlier this year for losing a laptop full of unspecified 
customer data in August 2006. The Norwich Union only avoided an even 
larger fine of 1.8 million ($3.6 million) by promptly settling the charges 
with the industry regulator, and agreeing to tighten up its procedures.


[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml