The Financial Services Authority has fined the Nationwide Building Society £980,000 for its handling of a laptop theft containing sensitive customer data.
The laptop was stolen from an employee’s house last year, but the loss of customer names, addresses and account numbers that had been stored on it was not discovered for a three weeks.
The FSA it had made an example of the country’s largest building society, saying its information security procedures had failed to adequately protect its customers against risk of financial crime.
It acknowledged the Nationwide had undertaken a number of actions to address the failure, including taking a range of additional measures to increase security around accounts; informing customers of the loss of information; affirming its existing policy to reimburse any customer that has suffered financial loss as a result of this incident; and commissioning a comprehensive review of its information security procedures and controls.
As a result, the Society avoided the maximum potential fine of £1.4 million by settling for an early conclusion to the investigation, according to FSA executive procedure.
The company added that no PINs, passwords, account balance information or memorable data relating to any customers had been compromised.