To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/financialservices/0,3800010322,39165800,00.htm

Nationwide fined nearly £1m for security lapses
FSA does some knuckle-rapping...

By Tim Ferguson

Published: Wednesday 14 February 2007

Nationwide Building Society has been fined £980,000 by the Financial Services Authority (FSA) for information security lapses.

The fine follows investigations into the theft of a laptop containing confidential customer data from an employee's home last year.

The FSA said it found "the building society did not have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime". It also found Nationwide was unaware the laptop contained confidential customer information until three weeks after the theft.

A Nationwide spokeswoman told silicon.com: "We accept that we didn't get it right and we apologise for that."

She added: "We do have extensive and sophisticated layers of security in place and on this occasion one of those layers was found wanting and we've rectified that.

"We've put very stringent processes in place to ensure it doesn't happen again."

silicon.com Financial Services

Get the latest financial services news straight to your inbox. Sign up for the FS newsletter today!

The FSA acknowledged Nationwide's efforts to rectify the situation and because the building society agreed to a settlement it reduced the fine by 30 per cent - from £1.4m to £980,000.

The building society wrote to all customers at the time of last year's laptop theft, informing them of the theft and reminding them to take steps to keep information secure.

Nationwide said the theft has not resulted in any loss of customer money. It also said the laptop did not contain any customer PINs, passwords or account balance information that could lead to identity theft.

Margaret Cole, director of enforcement at the FSA, said in a statement the authority's swift enforcement action in the case would "send a clear, strong message to all firms about the importance of information security".