Broker fined £175k for cyber breach
The Information Commissioner’s Office (ICO) has fined over-50s personal lines broker Staysure £175,000 after it was revealed that customer information had been accessed and stolen by cyber criminals.
More than 5,000 customers had their credit card details stolen but investigations showed that hackers potentially had access to over 100,000 live credit card details and customer medical records.
The ICO was especially critical of the way that credit card security numbers were exposed, despite industry rules dictating that they should never be kept in the first place.
The ICO investigation found that Staysure had breached the Data Protection Act by failing to keep the personal information secure.
The company had no policy or procedures in place to review and update IT security systems, and had twice failed to apply updates to its database software that could have prevented the incident. This left security flaws in the system, some for as long as five years, which hackers ultimately exploited to gain access to customer information.
ICO head of enforcement Steve Eckersley said: “It’s unbelievable to think that a company holding three million customer records did not have the procedures in place to keep that information secure.
“Keeping personal information secure is a basic legal requirement. The company’s actions were unacceptable and this penalty notice reflects the severity of the situation.”
“The fine issued by the ICO today should send a clear message to other companies of the importance of proper IT security.”