The Nationwide Building Society was fined in connection with the theft of a laptop from an employee's home last year.

Sharon Gaudin, Contributor

February 20, 2007

A major financial institution in the United Kingdom was slapped with a nearly $2 million fine for failing to adequately protect customer information.

The Financial Services Authority fined the Nationwide Building Society £980,000 for failing to have effective systems and controls to manage its information security risks. The fine is directly connected to last year's theft of a Nationwide laptop from an employee's home.

Nationwide is a financial institution owned and run by its members. It's reportedly the U.K.'s fourth largest mortgage lender and second largest savings provider. The FSA is an independent organization that oversees the financial services industry in the United Kingdom.

The financial institution hasn't said how many customers' information was on the stolen laptop. Banking executives have said that the bank would contact its 11 million members to educate them on what security steps they should take to protect themselves.

During its investigation, the FSA found that the building society didn't have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime, according to a release on its Web site.

The FSA also reported that Nationwide wasn't aware that the laptop contained confidential customer information and didn't start an investigation until three weeks after the theft.

"Nationwide is the U.K.'s largest building society and holds confidential information for over 11 million customers," said Margaret Cole, director of enforcement at the FSA, in a written statement. "Nationwide's customers were entitled to rely upon it to take reasonable steps to make sure their personal information was secure. Firms' internal controls are fundamental in ensuring customers' details remain as secure as they can be and, as technology evolves, firms must keep their systems and controls up-to-date to prevent lapses in security."

The FSA also notes on its site that Nationwide cooperated fully in the investigation and has undertaken a "number of actions" to address its failure, including taking additional measures to increase security around accounts; informing customers of the loss of information; affirming its existing policy to reimburse any customer who has suffered financial loss as a result of this incident; and commissioning a comprehensive review of its information security procedures and controls.

By agreeing to settle at an early stage of the FSA's investigation, Nationwide qualified for a 30% discount under the FSA's executive settlement procedures; without the discount, the fine would have been £1.4 million.
