The UK Financial Services Authority has issued its largest ever fine for a data breach to the UK branch of Swiss insurance giant Zurich.
On Tuesday, Zurich was given a £2,275,000 ($4 million) fine for losing highly confidential customer information, including bank account and credit card information, and details about insured assets and security arrangements.
"Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA," Margaret Cole, the FSA's director of enforcement and financial crime, said in a statement.
"To make matters worse, Zurich UK was oblivious to the data loss incident until a year later."
The UK insurance arm had outsourced customer data processing to Zurich Insurance Company South Africa, which in 2008 lost an unencrypted back-up tape containing the details of 46,000 customers.
The FSA believed the loss could have exposed customers to the risk of burglary, despite Zurich claiming that it had seen no evidence the data had been misused since the tape was lost.
The institution should have implemented effective controls to manage data risks that could arise from its outsourcing arrangement, said the FSA.
The regulator had issued previous data loss fines to HSBC, Nationwide and Norwich Union.
HSBC's £3 million data security fine in 2009 topped Zurich UK's, but was spread across three of its brands. HSBC also recently admitted it had downplayed a serious data theft from within the company, when it revealed that not 10 but 15,000 clients were affected.