Nationwide Building Society

What

Loss of personal data

How much

Not reported, potentially all customers (10+ million)

Why

Theft of unencrypted laptop from staff member’s home.

Regulator

FSA

Regulatory action

Monetary penalty – £980,000

Reason for action

  • Inadequate risk assessment
  • No incident response plan and slow response to theft (3 weeks)
  • Poor staff training and awareness
  • Poor controls

When

14 February 2007

Links

View the press release relating to Nationwide Building Society on the FSA website

View PDF of the Nationwide Building Society Final Notice (via FSA website)

View PDF of the Nationwide Building Society Final Notice (Breachwatch archive)