Insurance firm Norwich Union Life has been fined £1.26 million by the UK's financial regulator after failing to protect its customers from fraud.
The Financial Services Authority (FSA) said the company's failure to implement effective controls to protect customers' confidential information had resulted in a number of cases of actual and attempted fraud against policyholders.
Fraudsters were able to use publicly available information, such as names and dates of birth, to impersonate customers and obtain sensitive policyholder details from Norwich Union Life's call centres, the regulator revealed.
It said criminals then used the information to request that the policies of 74 customers, totalling £3.3 million, be cashed in during 2006.
Norwich Union Life, which said all 74 policies had been fully reinstated by the company and support given to affected policyholders, admitted today a further 558 policies were placed at risk due to its procedural failings.
Responding to the FSA's fine, the insurer acknowledged any breach of customer confidentiality was "clearly unacceptable".
"We are sorry that this situation arose and apologised to the affected customers when this happened," said Norwich Union Life chief executive Mark Hodges.
He added: "We have extensive procedures in place to protect our customers but in this instance weaknesses were exploited and we were the target of organised fraud."
The FSA, which said Norwich Union Life had cooperated fully with its investigation, also criticised the company for failing to address the problems highlighted by the incidents even after they were identified by the insurer's own compliance department.
But the financial watchdog accepted the firm, part of the Aviva insurance group, had subsequently taken a number of remedial actions including cooperating with the police to identify the fraudsters involved and carrying out a review of its security processes.
FSA director of enforcement Margaret Cole said the fine imposed on Norwich Union Life sent a "clear message" to other finance firms that the regulator took information security seriously.
"Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure," she explained.
"It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands."