Yorkshire Building Society takes 'remedial steps' after data breach
Yorkshire Building Society will take "remedial steps" following a data breach earlier this year when an unencrypted laptop containing customer details was stolen from its Cheltenham premises.



Iain Cornish, Yorkshire Building Society's chief executive, signed an agreement with the Information Commissioner's Office (ICO) following the breach of the Data Protection Act. Undertakings include regularly monitoring compliance with policies on data protection and IT security, using encryption software on all portable devices and limiting staff access to personal data to only that needed for their work.
Mick Gorrill, head of enforcement at the ICO, said, "It is extremely concerning that an unencrypted laptop containing large amounts of personal data was left unsecured overnight, together with details of its passwords. What's more, the fact that the employee did not require all the information to carry out the task in hand created an unnecessary risk which could easily have been avoided; employees should only have access to information that is absolutely vital to work which is being carried out.
"I am pleased that the Yorkshire Building Society took such prompt and effective action and am satisfied that steps are now in place to prevent this happening again," added Gorrill.
The laptop was stolen in April this year and was recovered within 48 hours by private investigators. Forensic investigations revealed data was not accessed, although there had been several attempts to do so.
An NHS Trust also came under fire from the ICO this week after the loss of a CD containing the unencrypted records of 112 patients.