Lloyds Bank has acknowledged that thousands of its customers' information may have been exposed when a data storage device was stolen from U.K. insurer Royal Sun Alliance (RSA) on July 30, 2015, BBC News reports.
Those affected are Lloyds Premier account customers who obtained emergency home insurance from RSA as a benefit of their Lloyds account between 2006 and 2012.
The data potentially exposed includes names, addresses, account numbers and sort codes.
"RSA was the home emergency insurance cover provider for a small number of Lloyds Premier Account holders and the data was held as per standard data retention requirements and processes," a Lloyds Bank spokesman told The Guardian. "We are continuing to work closely with RSA on their investigation and impacted customers have been contacted."
"We have undertaken a full review of our security procedures and controls and are in the process of carrying out a full investigation to understand how this incident occurred and to ensure it does not happen again," RSA said in a statement. "RSA has informed its regulators -- the Financial Conduct Authority (FCA), the Prudential Regulation Authority (PRA) and the Information Commissioner’s Office (ICO). Furthermore, the matter has been reported to the Police."
A spokesman for the FCA said it's making sure that assistance will be offered to those affected. "We will also work with the firms to look at the root causes of the data loss, since we expect all regulated firms to have adequate systems and controls in place so that customers' data is not left at risk," the spokesman said.
Notification letters regarding the breach were mailed on September 7, 2015. While there's no indication at this point that any of the data has been misused, all those affected are being offered two years of identity protection services from Cifas.
Unusually, affected customers will be required to pay a £20 registration fee for the Cifas service, then file a reimbursement request with RSA to get the £20 back.
Like many recent breaches, the data stolen in this case would have been rendered useless by encryption. And companies are finally starting to understand that -- a recent IANS survey of 100 information security influencers and decision makers found that 84 percent of respondents have considered a strategy of encrypting all data.
The survey, sponsored by Vormetric, also found that 54 percent of respondents said their top challenge in implementing encryption is legacy technology and support for encryption. Other challenges include the cost of encryption technology (52 percent) and concerns about performance impacts (44 percent).
This eSecurity Planet article offers six tips for stronger encryption.
Photo courtesy of Shutterstock.