RSA Group has announced that a storage device containing personal data belonging to thousands of its Lloyds Premier Account policyholders has been reported as stolen, according to Business Insider.
In what the outlet describes as a “depressingly simple” breach, the box, which resembles an old-fashioned VCR player, went missing without explanation. The insurer admits that the device stored such sensitive client information as “names and addresses, bank account and sort code details.”
RSA provided emergency home insurance for the Lloyds Bank clients, and says that it sent a letter to anybody who may have been affected by the leak.
The breach should only impact policyholders who obtained policies between 2006 and 2012 and made at least one claim on their coverage, according to BBC News. Although there is not yet any indication that the device is being used maliciously, the insurer is offering two years of complimentary identity protection to all affected parties through the anti-fraud firm Cifas.
The insurer issued a statement recommitting itself to privacy, telling clients, “We have undertaken a full review of our security procedures and controls and are in the process of carrying out a full investigation to understand how this incident occurred and to ensure it does not happen again.”
It is also working with regulators and the police to investigate the matter.
The theft follows a string of data breaches affecting insurers, including last week’s hack on U.S. health insurer Excellus which exposed more than 10 million policyholders’ personal records.