RSA Group has confirmed the theft of a storage device from one of its datacentres is likely to have contained information belonging to a “small number” of Lloyds Bank home insurance customers.
Details of the theft came to light on 10 September 2015, when the international insurance group released a statement alerting customers to the breach.
While the company has sought to reassure customers that much of the data held on the device is publicly available, the names, addresses, bank account details and sort codes for some were also stored on it.
“We have advised our regulators and are in the process of contacting potentially impacted customers to apologise,” the company said, before confirming that a police investigation into the incident has been launched.
An RSA Group spokesperson told Computer Weekly a “small number” of customers may have had their information compromised as a result of the theft, and it is in the process of notifying them in writing.
“The people who have been primarily affected are the Lloyds Bank Premier Account customers who’ve had home emergency insurance cover,” the spokesperson added.
In the wake of the theft, the company is offering customers free access to the Cifas anti-identity theft tool for the next two years. Around 500 customers are understood to have already taken up the offer.
The UK data protection watchdog, The Information Commissioner’s Office (ICO) confirmed to Computer Weekly that it is aware of the breach and intends to investigate.
RSA operates in the UK consumer market under the More Than brand, but also has a commercial arm that offers insurance policies to business-to-business (B2B) customers. It claims to have more than 19 million customers worldwide.
Enjoy the benefits of CW+ membership, learn more and join.