UK NATIONWIDE BUILDING SOCIETY FINED BY REGULATOR FOR STOLEN COMPUTER CASENationwide fined 1 mln stg for lost laptop Business Reuters.co.uk

Nationwide fined 1 mln stg for lost laptop


LONDON (Reuters) - The Nationwide Building Society has been fined almost 1 million pounds by the financial regulator after the theft of an employee's laptop computer last year exposed security flaws.

The Financial Services Authority (FSA) said on Wednesday it had fined Nationwide 980,000 pounds for not having adequate information security procedures and controls in place, potentially exposing the society's 11 million customers to an increased risk of financial crime.

The laptop was stolen from a Nationwide employee's home last August.

Nationwide was not aware that the laptop contained confidential customer information and did not start an investigation until three weeks after the theft, the FSA said.

After the theft the long-standing employee, who needed the information on the computer for marketing purposes, went abroad on holiday and Nationwide took no steps to find out what information it contained, the regulator said.

Nationwide, which is the world's biggest building society, declined to say how many account details were on the laptop.

But it said there had been no loss of money from any account and the laptop did not contain PINs, passwords, account balance information or memorable data relating to any customers.

"We have extensive security procedures in place, but in this isolated incident our systems of control were found wanting. We have made changes to fill the gap and improve our procedures further," Philip Williamson, Nationwide's chief executive, said in a statement.

The building society said it and the police believe the laptop was stolen for its use as a computer, rather than for the information it contained.

The FSA said the laptop theft occurred at a time of heightened awareness of information security issues as a result of government initiatives and its own campaign about the importance of information security.

"Nationwide's systems and controls should have been robust enough to anticipate equipment theft or loss and to reduce the risk of sensitive data being compromised as a result of such a loss," the regulator said.