Insurance Company Loses Claim Files During Office Move

The Scenario

Sudwest Versicherungsmakler GmbH, based in Stuttgart, Germany, has been serving approximately 4,200 private and commercial clients for 18 years. In March 2026, the company's long-planned move from their offices on Konigstrasse to a larger space in the Europaviertel district is finally underway. Managing director Sandra Meier has hired a moving company that offered the lowest bid — 3,800 euros for the entire office, one weekend of work.

Saturday morning, the four-person moving crew begins loading. In the archive room, there are 47 moving boxes containing claim files from 2018 through 2025. Each box holds between 40 and 120 individual case files containing highly sensitive documents: medical reports and diagnoses, accident photographs showing identifiable individuals, income statements and payroll records, police accident reports with witness statements, disability assessments, liability claim reports, and insurance medical opinions.

By Sunday evening, the move is complete. Sandra counts the boxes in the new archive room: 44 instead of 47. Three boxes are missing. The moving company cannot locate them — the team leader suspects they "must still be in the truck somewhere" and promises they will turn up on Monday.

Monday comes. The boxes do not turn up. Tuesday passes. Nothing. The moving company claims all boxes were delivered and rejects any responsibility. Sandra files a report with the police.

Three weeks later, a freelance journalist contacts Sandra. He has found hundreds of insurance documents in a paper recycling container at a waste facility in nearby Esslingen — complete with patient names, medical diagnoses, bank account numbers, and personal photographs. He is preparing a story for the Stuttgarter Zeitung. The three missing boxes had apparently been left by the moving crew in a disposal container by mistake and collected along with another customer's waste paper.

But that is not all. During an inventory check of the new office, Sandra's IT consultant discovers that a portable hard drive is also missing — a Western Digital My Passport with 2 terabytes of storage. This drive contains digital copies of every claim file since 2019: more than 4,000 client records with scanned medical reports, invoices, correspondence, and internal assessment notes. The hard drive was not encrypted and had no access password. It had been sitting openly on a desk in the old office.

Sandra is now facing a double data protection disaster. Physical files containing sensitive health data for an estimated 350 clients have been found publicly accessible at a recycling facility. And an unencrypted hard drive holding more than 4,000 complete digital client records has vanished without a trace — possibly stolen, possibly disposed of, possibly in the hands of an unknown third party.

The Risks

This incident combines the worst-case scenarios of both physical and digital data loss:

Health data under Art. 9 GDPR exposed. Medical reports, diagnoses, and disability assessments belong to the special categories of personal data that receive the highest level of protection under European law. Their uncontrolled release can lead to discrimination by employers, insurers, and within social networks. Affected clients could face difficulties when applying for new insurance policies or loans.

Identity theft at scale. The combined data — personal details, bank account information, employers, salary figures, and health records — enables comprehensive identity fraud. With this information, criminals can open accounts, apply for credit, and conduct targeted social engineering attacks.

Uncontrollable data leakage. The unencrypted hard drive can be read by anyone at any time. If it has fallen into the wrong hands, more than 4,000 client files are compromised without the affected individuals ever knowing — until it is too late.

Destruction of client trust. Insurance clients entrust their broker with the most intimate details of their lives — illnesses, accidents, financial hardships. Breaking this trust is, for many clients, reason enough to immediately switch to a different broker.

Media exposure. A journalist has already found the files. Coverage in the regional and potentially national press will multiply the damage. Clients who were previously unaware of the incident will learn about it in the worst possible way.

Professional consequences. The regulatory authority for insurance intermediaries can question the broker's reliability and revoke the trading license. Insurance carriers may also terminate their cooperation agreements once they learn that client data has been systematically under-protected.

Legal Consequences

This incident represents one of the most severe conceivable violations of the GDPR, as special categories of personal data are affected:

Art. 9 GDPR — Processing of special categories of data. Health data is subject to an elevated level of protection. Its uncontrolled disclosure — whether through lost physical files or an unencrypted hard drive — constitutes a particularly serious violation that triggers increased fines.

Art. 5(1)(f) GDPR — Integrity and confidentiality. The obligation to protect personal data through appropriate technical and organizational measures against unauthorized processing, loss, and destruction has been violated twice over: physically (no secured transport chain for files) and digitally (unencrypted hard drive without access controls).

Art. 32 GDPR — Security of processing. Missing encryption on the portable hard drive, no inventory system for the file transport, no supervision of the moving company when handling sensitive documents — all of these represent grave failures in technical and organizational measures.

Art. 33 and 34 GDPR — Notification obligations. The incident must be reported to the supervisory authority within 72 hours. Given the special categories of personal data and the large number of affected individuals, there is a mandatory obligation to notify all potentially affected clients individually. For the hard drive alone, that means more than 4,000 people.

Art. 83(5) GDPR — Increased fine framework. Because special data categories (health data) are involved, the increased fine framework applies: up to 20 million euros or 4% of annual global turnover. For a mid-sized insurance brokerage, even a fraction of this amount can be existentially threatening.

Professional regulatory consequences. The supervisory authority for insurance intermediaries can challenge the broker's trustworthiness and revoke the license to operate. Beyond this, insurance carriers may terminate their partnerships if they learn that client data has been systematically inadequately protected.

Financial Impact

Cost Item	Estimated Amount
GDPR fine (increased framework for health data)	50,000 – 250,000 €
Legal counsel and crisis management	15,000 – 40,000 €
Individual notification of 4,000+ clients	8,000 – 20,000 €
Compensation claims (selection of affected clients)	50,000 – 300,000 €
Credit monitoring service for affected clients	20,000 – 60,000 €
Forensic IT investigation	5,000 – 15,000 €
PR crisis management and reputation recovery	10,000 – 30,000 €
Client attrition (estimated 15–25% of existing clients)	80,000 – 200,000 €
IT security upgrades and archiving systems	15,000 – 35,000 €
Total estimated cost	253,000 – 950,000 €

Not included in this estimate is the risk of losing the brokerage license entirely, which would mean the end of all business operations.

How to Prevent This

With a fully digital document management approach through SendMeSafe, this incident would not have been possible — neither the physical nor the digital data loss:

Eliminate physical files entirely. When clients submit their claim reports, medical certificates, and supporting documentation through individual Upload Links directly into SendMeSafe, there is no need for physical file folders at all. No paper means no risk of loss during transport.

Encrypted cloud storage instead of portable hard drives. All documents are stored in SendMeSafe's secure infrastructure on European servers — encrypted and redundant. A portable hard drive as a "backup" becomes unnecessary, and with it, the risk of its loss.

Individual client attribution. Every document is assigned to a specific client and accessible only to authorized staff. There are no bulk folders or boxes where files can get mixed up or go missing.

Audit trail for every access. Every document access is logged — who opened, downloaded, or shared which file and when. During an office move or staff change, complete traceability is maintained without interruption.

Secure sharing via Share Links. When documents need to be forwarded to insurers, assessors, or attorneys, this happens through password-protected share links with expiration dates and download limits. No unencrypted email attachments, no copied USB drives, no paper that can end up in a recycling bin.

Role-based access control. Not every employee needs access to every file. SendMeSafe allows documents to be assigned to specific case handlers, minimizing the risk of unauthorized access and ensuring that sensitive health records are only visible to those who need them.

Frequently Asked Questions

Do physical files require special protection during an office move?

Yes, physical documents containing personal data are subject to the same protection obligations as digital data under GDPR. During a move, you must ensure that files are transported in locked containers, a complete chain-of-custody is documented (who received which box and when), the moving company has signed a confidentiality agreement, and sensitive documents are transported separately from general office materials. Ideally, highly sensitive files — particularly health data — should not be stored physically at all. Transitioning to a digital, encrypted solution eliminates the transport risk entirely and provides better protection over the long retention periods that insurance records require.

Must a lost unencrypted hard drive always be reported to the authorities?

Yes, the loss of an unencrypted hard drive containing personal data is generally reportable under Art. 33 GDPR. Only if the data was demonstrably encrypted and the encryption key was not compromised can notification potentially be waived. In practical terms, this means every portable hard drive, USB stick, and mobile device containing client data must be encrypted without exception. The cost of encryption software is a few euros per device — a tiny fraction of what a data loss incident costs. For health data, the reporting threshold is even lower: the supervisory authority will expect notification in virtually every case of loss, regardless of mitigating factors.

How long must insurance claim files be retained?

Retention periods vary by document type and jurisdiction. In Germany, insurance contracts and claim files must generally be retained for 10 years after the contract ends (Section 257 of the German Commercial Code, Section 147 of the German Tax Code). Medical assessments in personal insurance lines can carry retention periods of up to 30 years, as claims arising from bodily injury have this statute of limitations. Precisely because of these extended timeframes, digital archiving through a secure system like SendMeSafe is far more practical than physical storage, which remains vulnerable to loss, damage, and unauthorized access over decades. A secure digital archive also makes retrieval faster and ensures that access is always logged.

What can affected clients do after a data loss like this?

Affected clients should first await the company's official notification and document which of their data is potentially compromised. Recommended next steps include filing a complaint with the data protection supervisory authority, setting up credit monitoring services, changing passwords on all accounts whose credentials may have been included in the files, and reviewing potential compensation claims under Art. 82 GDPR. For health data breaches, non-material damages can be assessed at a particularly high level — courts in comparable cases have awarded between 2,000 and 10,000 euros per individual. A collective action by multiple affected parties can simplify enforcement and reduce individual legal costs.