Security raised over laptop theft
By chaoz_xtreme
@chaoz_xtreme (100)
November 18, 2006 10:12am CST
Nationwide building society says it is tightening security after the theft of an employee's laptop containing customer information.
Security experts have raised fears that the company's 11m customers could have been put at risk of identity crime.
The computer was stolen in a domestic burglary three months ago.
Company bosses have apologised to customers and reassured them that they are not at risk of becoming identity-theft victims.
Nationwide, Britain's biggest building society, has informed the authorities and said it will be writing to customers to give them security advice in the next few weeks.
Chat rooms are full of people trading credit card details online in real time at all hours of the day and night
Peter Wood, IT security expert
Send us your comments
It is reassuring customers that no PIN numbers, account passwords or memorable information was on the laptop.
But it does not deny that names and account numbers could have been.
Security experts said if the information stored on the computer was obtained by identity thieves they could attempt to take out credit cards in customers' names.
Peter Wood, from computer security firm First Base Technologies, told BBC Radio 4's Money Box he did not think it would be difficult for thieves to access the data.
And he warned: "The chat rooms many people use are full of people trading credit card details online in real time at all hours of the day and night."
'Appalling'
Diane Gaston, of the National Consumer Council, told the programme she is angry customers were not told sooner.
"A three-month delay is appalling. People should be able to trust that if a problem has happened they will be told about it straight away."
But Nationwide said there is no indication that data had been stolen and nobody has lost any money.
Chief executive Philip Williamson told BBC Five Live that he was "genuinely sorry" for the theft and any concern it had caused customers.
There is no chance of any customer suffering any financial loss on their accounts as a result of this
Philip Williamson, Nationwide chief executive
"We have tightened up our already high security procedures and this should ensure it couldn't happen again."
He also reassured customers they were not at risk.
In a separate interview with the BBC's Today programme he said: "The customer information on the stolen laptop can't be used on its own to perpetrate identity theft.
"There is no chance of any customer suffering any financial loss on their accounts as a result of this."
But, Barry Stamp, former director of CIFAS, the fraud prevention service, said it was unusual for an entire customer database to be stored on a laptop.
Mr Stamp, who is now joint managing director of checkmyfile.com, told the BBC: "On the one hand we should say hats off to Nationwide for actually admitting that one of these laptops has been stolen.
"We've seen cases like this almost every week at the moment, but on the other hand you have to ask why that information was contained on a laptop and why the security was lax at Nationwide in such a way that you could download the entire database to a laptop.
"This is really unusual."
'Review needed'
Donal Casey, security expert at IT consultancy Morse, said companies needed to review how much information employees were allowed to transfer to laptops.
He said: "Businesses really need to be asking themselves whether employees need to be carrying around sensitive customer data like bank account details on a laptop.
"If a criminal steals this information and uses it to commit identity fraud the implications for a financial institution would be huge."
The financial regulator, the FSA, and the Office of the Information Commissioner have both been informed.
They say they are continuing to discuss the situation with Nationwide, but neither is taking any other action at this stage.
No responses