Royal & Sun Alliance Insurance PLC data breaches left thousands of customers’ data compromised. The ICO have investigated and issued a fine of £150,000.
The RSA data breach saw nearly 60,000 customers’ personal information compromised. The ICO have launched an investigation into the theft of a hard drive device containing customer names, addresses and bank account details, including account numbers and sort codes.
This stolen device also held credit card details of 20,000 customers; however, the CVC numbers and dates were not effected.
ICO officers found that Royal & Sun Alliance Insurance PLC did not have effective security measures in place to protect the financial information, as Mark James explains.
“Fines by the ICO for security breaches have been a matter of discussion for some time.
“For most they seem fairly small, and if we think about the actual monetary value they are, the fine itself may seem fairly insignificant but that of course is not the whole story.
“The PR exposure, your customer hearing about your failings and of course the damage done through the act in the first place all have a cost.
“The topic of security these days is on everyone’s lips, and something that every company needs to take seriously.
“It’s not possible to protect against every possible attack vector but you should be able to take reasonable precautions to ensure you have done all you can to protect the data of your users.
“Encryption is not new, it has a relative low cost and can be rolled out and maintained with ease.
“It would not have stopped the theft of the hard drive in this case, but it would have stopped the data being accessible.
Do you think a fine is enough? What other penalties could be in place? Let us know on Twitter @ESETUK
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.