The FSA also found that Nationwide did not start an investigation into the theft until three weeks after it occurred. Nationwide claimed that the laptop did not contain any confidential customer information, such as pin numbers, passwords or transaction details, and therefore could not be used for identity fraud.
The financial company also emphasised that no customers lost any money as a result of the burglary. However, the watchdog said its investigation had found that the building society had failed to put in place “adequate information security procedures and controls”. Consequently, Nationwide had exposed its customers to the risk of financial crime.
“Nationwide is the UK’s largest building society and holds confidential information for over 11 million customers,” said Margaret Cole, director of enforcement at the FSA.
“Nationwide’s customers were entitled to rely upon it to take reasonable steps to make sure their personal information was secure. The FSA took swift enforcement action in this case to send a clear, strong message to all firms about the importance of information security,” she added.
The laptop was stolen in August last year, but only became public in November, when the building society began writing letters to all of its customers apologising for the breach and outlining the security measures they needed to take.
Philip Williamson, chief executive of Nationwide, reiterated an apology today and said: “I wish to emphasise that there has been no loss of money from our customers’ accounts as a result of this incident.
We have extensive security procedures in place, but in this isolated incident our systems of control were found wanting. We have made changes to fill the gap and improve our procedures further.”