.shock - Fotolia

RSA Group flags ID theft risk to Lloyds Bank customers following datacentre storage theft

International insurance group has seen 500 customers take up offer of identity theft protection in wake of datacentre theft

RSA Group has confirmed the theft of a storage device from one of its datacentres is likely to have contained information belonging to a “small number” of Lloyds Bank home insurance customers.

Details of the theft came to light on 10 September 2015, when the international insurance group released a statement alerting customers to the breach.

While the company has sought to reassure customers that much of the data held on the device is publicly available, the names, addresses, bank account details and sort codes for some were also stored on it.

“We have advised our regulators and are in the process of contacting potentially impacted customers to apologise,” the company said, before confirming that a police investigation into the incident has been launched.

An RSA Group spokesperson told Computer Weekly a “small number” of customers may have had their information compromised as a result of the theft, and it is in the process of notifying them in writing.

“The people who have been primarily affected are the Lloyds Bank Premier Account customers who’ve had home emergency insurance cover,” the spokesperson added.

In the wake of the theft, the company is offering customers free access to the Cifas anti-identity theft tool for the next two years. Around 500 customers are understood to have already taken up the offer.

The UK data protection watchdog, The Information Commissioner’s Office (ICO) confirmed to Computer Weekly that it is aware of the breach and intends to investigate.

RSA operates in the UK consumer market under the More Than brand, but also has a commercial arm that offers insurance policies to business-to-business (B2B) customers. It claims to have more than 19 million customers worldwide. 

Read more about datacentre security

  • Datacentre operators are putting the integrity of their facilities at risk by prioritising the physical security of their sites over safeguarding them from cyber attacks.
  • The security challenges of the cloud are fundamentally the same as those of any in-house datacentre, says Google.

Read more on Regulatory compliance and standard requirements