Yorkshire Building Society takes 'remedial steps' after data breach

Yorkshire Building Society will take "remedial steps" following a data breach earlier this year when an unencrypted laptop containing customer details was stolen from its Cheltenham premises.

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Iain Cornish, Yorkshire Building Society's chief executive, signed an agreement with the Information Commissioner's Office (ICO) following the breach of the Data Protection Act. Undertakings include regularly monitoring compliance with policies on data protection and IT security, using encryption software on all portable devices and limiting staff access to personal data to only that needed for their work.

Mick Gorrill, head of enforcement at the ICO, said, "It is extremely concerning that an unencrypted laptop containing large amounts of personal data was left unsecured overnight, together with details of its passwords. What's more, the fact that the employee did not require all the information to carry out the task in hand created an unnecessary risk which could easily have been avoided; employees should only have access to information that is absolutely vital to work which is being carried out.

"I am pleased that the Yorkshire Building Society took such prompt and effective action and am satisfied that steps are now in place to prevent this happening again," added Gorrill.

The laptop was stolen in April this year and was recovered within 48 hours by private investigators. Forensic investigations revealed data was not accessed, although there had been several attempts to do so.

An NHS Trust also came under fire from the ICO this week after the loss of a CD containing the unencrypted records of 112 patients.