UK COMPUTER CONTAINING SENSITIVE CUSTOMER DATA STOLEN FROM NATIONWIDE BUILDING SOCIETY EMPLOYEE http://www.timesonline.co.uk/article/0,,2095-2449656,00.html


Regulator probes shock security lapse at NationwideDominic O’Connell and Grant Ringshaw

THE Financial Services Authority is investigating an extraordinary lapse of security at Nationwide building society after a laptop computer containing sensitive customer account information was stolen in a burglary at an employee’s home.

Nationwide confirmed the computer held customer information, but insisted that this did not include “pin numbers, passwords, or information about financial transactions”.

But banking sources said last night that some reports circulating in the industry have suggested information on several million accounts may have been stored on the machine, whose user was on call. Nationwide declined to give further details, saying it was acting on the advice of the police.

It said there had been “no attempts to access our systems” and that no customers had “suffered any financial loss as a result of the theft”.

“We have a strong record on customer security,” said Nationwide. “Since the theft we have taken additional security steps to ensure accounts are safeguarded.”

Nationwide has begun writing to all of its 11m customers about the importance of security. So far 60,000 letters have been sent out.

Since the burglary in August, Nationwide is also understood to have cracked down on customer information being carried on staff laptops.

“From time to time some employees would have cause to have limited customer information on their laptops,” a spokesman said. “Since the incident we have taken significant steps to increase security. A situation like this could not re-occur.”

The theft highlights the potential threat posed to bank security by misappropriation of electronic records.

Earlier this year, researchers at Cardiff university pinpointed alleged flaws in HSBC’s online banking systems, while undercover investigators have been able to buy customer records taken from call centres in India. Internet fraudsters regularly try to con people into surrendering account details with bogus e-mails.

The incident is also thought to have provoked soul-searching at the FSA. Senior executives at the City watchdog are understood to be discussing privately whether their initial response to the theft — which was reported to the FSA in September — was sufficiently robust.

It is not known if the FSA has directed Nationwide to take any action over the security breach.

“Nationwide has informed us of the theft,” an FSA spokesman said. “Our principal concern has been to minimise risk to customers. We have involved all the relevant authorities, including the police and the Information Commissioner.”

“We have also considered how Nationwide should communicate on this matter with its customers in a way that minimises the risk of any potential misuse of data.”

Nationwide is the UK’s — and the world’s — largest building society, and is completing a merger with its smaller rival, the Portman