Industry watchdog the Financial Services Authority slapped the building society with the largest ever fine for a data breach because it said it potentially exposed the society’s customers to increased risk of financial crime.
The FSA said this resulted from inadequate security controls, revealed because Nationwide did not realise the laptop contained sensitive data, including customer names, addresses and account numbers.
Nationwide only launched an investigation into the theft three weeks after the employee reported it. It also wrote to customers at the time apologising for the breach and has cooperated with investigators, saving itself 30% on the potential £1.4m fine under FSA executive settlement procedures.
Comment on this article: [email protected]