Norwich Union Life, one of the UK's largest life insurers, has been fined £1.26 million ($2.97 million) by the regulator for exposing its customers to the risk of fraud.
The Financial Services Authority (FSA) fined the Aviva plc UK subsidiary for not having effective systems to protect customers' confidential information and manage crime risks.
These flaws resulted in a number of actual and attempted frauds.
Fraudsters used publicly available information, including names and dates of birth, to impersonate customers and obtain sensitive customer details from the insurer's call centres.
Also, in some cases they were able to ask for confidential customer records, such as addresses and bank account details, to be altered.
Fraudsters then used the information to request the surrender of 74 customers' policies totalling £3.3 million ($7.7 million) in 2006.
"Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure," FSA director of enforcement Margaret Cole said.
Norwich Union Life has taken a number of remedial actions including reviewing its information security processes. It reinstated all surrendered policies in full.
The insurer agreed to settle at an early stage of the FSA investigation and qualified for a 30 per cent discount. The fine would otherwise have been £1.8 million ($4.24 million).
Aviva Australia marketing and public relations general manager Tim Cobb said its anti-fraud measures were sophisticated and up to date.
Cobb said one of the strengths of being a global group organisation was being able to learn best practice from across the world.
When asked if Aviva plc's profile had been tarnished, Cobb said: "I think if you are a big, successful company then you are high profile."