Royal & Sun Alliance (RSA) has been handed a big fine by the Information Commissioner (ICO) for losing a networked hard drive full of unencrypted customer data in strange circumstances. The database containing 59,592 customer records, including names, addresses, bank and sort numbers. In 20,000 cases, credit card primary account numbers were also mentioned, although not expiry dates or CVV numbers. The lack of encryption is one takeaway, although password protection was in place. The fine fell short of the maximum of 500,000 that could have been imposed.”]
Source: https://nakedsecurity.sophos.com/2017/01/12/insurer-hit-with-fine-after-unencrypted-nas-stolen/