Yorkshire Building Society censured over stolen unencrypted laptop

The UK's Information Commissioner's Office (ICO) has found Yorkshire Building Society in breach of the Data Protection Act after an unencrypted laptop containing customer data was stolen.

1 comment

Yorkshire Building Society censured over stolen unencrypted laptop

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The laptop was stolen from the Cheltenham premises of the former Chelsea Building Society, which recently merged with YBS, in April and contained "a substantial part of the CBS customer database".

It was found within 48 hours after YBS hired private investigators and forensic investigations show that none of the data had been accessed during that time, although there had been several attempts to do so.

Before it was stolen, the laptop was being used by a CBS employee who had been working from home and had given it, on request, to a manager who returned it to CBS's former head office in Cheltenham.

The manager wrote down the passwords to the computer and left these in a bag with the laptop under a desk overnight.

The building society has now agreed to take steps to improve security, ensuing all portable devices are encrypted and that staff know the firm's policies on storing personal data and only have access to information that they need.

Mick Gorrill, head, enforcement, ICO, says: "It is extremely concerning that an unencrypted laptop containing large amounts of personal data was left unsecured overnight, together with details of its passwords. What's more, the fact that the employee did not require all the information to carry out the task in hand created an unnecessary risk which could easily have been avoided; employees should only have access to information that is absolutely vital to work which is being carried out."

Earlier this week the FSA hit Zurich Insurance's UK arm with a record £2.275 million fine over the loss of a backup data tape containing the details of 46,000 customers.

Sponsored [Impact Study] Adding GenAI To Your Fraud Prevention Strategy

Comments: (1)

A Finextra member 

We keep hearing about issues like this and each time I think that they mask a deeper problem.

What is wrong with existing information access channels that users feel they have to take the risk of carrying data in this way?

Should they not have better access to the information they need to render such dangerous behaviour unnecessary?

The hidden cost of this sort of loss is also a further lock down of data access, meaning that the problem is actually compounded and business efficiency suffers.

And that's no good to anyone!

 

 

 

[On-Demand Webinar] Global Trade Based Financial Crime: Where Trade and Payments MeetFinextra Promoted[On-Demand Webinar] Global Trade Based Financial Crime: Where Trade and Payments Meet