The insurance giant has reportedly hired KPMG to investigate the data loss incident, but early indications suggest that the tape data was unencrypted and was lost in August 2008, during what Zurich Insurance calls a routine backup.
As well as holding details of the UK customers, the unencrypted tape held information on customers in Botswana and South Africa.
Zurich UK said it has written to all affected customers but stated that there is no evidence to suggest that the data has been misused or compromised.
Commenting on the potentially serious identify theft situation, Jamie Cowper, EMEA marketing director with PGP Corporation, the data encryption specialist, said that Zurich UK's customers might be surprised to hear that their data is being kept in South Africa.
South Africa, he explained, has yet to pass the Protection of Personal Information Bill, the broad equivalent of the Data Protection Act in the UK.
"However, global trends around data outsourcing mean that confidential customer data could be held absolutely anywhere", he said, adding that, whilst the insurance company has been keen to downplay any assertion that the data could be compromised, unless the tape is recovered it is impossible to be sure.
"Who can predict what will become of this data in a few months or even a few years' time?
"As with all data breaches, the message here must be absolutely clear. Customer data should always be protected. That means deploying proven solutions, such as encryption, to ensure that sensitive information is fully protected no matter whose hands it falls into."