Nationwide Building Society

Posted on 14 February 2007 by BreachMaster

What

Loss of personal data

How much

Not reported, potentially all customers (10+ million)

Why

Theft of unencrypted laptop from staff member’s home.

Regulator

FSA

Regulatory action

Monetary penalty – £980,000

Reason for action

Inadequate risk assessment
No incident response plan and slow response to theft (3 weeks)
Poor staff training and awareness
Poor controls

When

14 February 2007

Links

View the press release relating to Nationwide Building Society on the FSA website

View PDF of the Nationwide Building Society Final Notice (via FSA website)

View PDF of the Nationwide Building Society Final Notice (Breachwatch archive)