Chubb mailing gaffe exposes customers’ personal data

chubb2Insurance giant Chubb, whose latest ad campaign claims the company’s policies are tailor-made to protect customers’ data, has been left with egg on its face after a major printing gaffe on a personalised double-sided mailshot has exposed customers’ personal details.
The bulk mailing, which informed customers about a policy document change, had the recipient’s details on one side and another customer’s information – including name, address and policy document number – on the reverse. It is not known which company handled the mail campaign.
Chubb has been forced to send out a grovelling letter, which states: “We regret any inconvenience or misunderstanding this message may have caused you. Chubb takes the protection of your personal data very seriously and is committed to protecting the privacy and security of all data entrusted to it by customers, employees and others.”
However, it raised more than a few eyebrows by urging customers to simply “discard this previous letter and refer to this version only, which details important information below about core for insured persons”.
Chubb added: “We have corrected the error and have taken steps so this does not happen again in the future… please accept our apologies for this oversight.”
An ICO spokeswoman told The Register: “We have received a report from Chubb European Group SE and we will assess the information provided.”
The $19bn (£14.6bn) revenue firm is not the first – and is unlikely to be the last – to caught with its trousers down over a personalised mailshot. Last September, thousands of Npower customers had their personal details compromised in a targeted direct mail campaign for its Feed-In Tariffs solar panel scheme.
The issue – which affected about 5,000 customers – was blamed on the company’s fulfilment house due to the fact that while the covering letter was correctly addressed, other customers’ details were wrongly attached.
The compromised data included names, addresses and payment amounts, but not bank details.

Related stories
Npower direct mail blunder sparks data breach probe
O2 blunder triggers mailshot to ‘Mr Isis Terroriste’
DVLA data governance car crash fuels mailing cock-up
PPI firm grovels over ‘Dear Mr Dick Head’ mailshot