[privacy] Security raised over laptop theft

[Gordon Darling <gordondarling () dsl pipex com>]

http://news.bbc.co.uk/1/hi/uk/6160800.stm

"Nationwide building society says it is tightening security after the
theft of an employee's laptop containing customer information. 

Security experts have raised fears that the company's 11m customers
could have been put at risk of identity crime. 

The computer was stolen in a domestic burglary three months ago. 

Bosses have apologised to customers and reassured them that they will
not become identity-theft victims. 

Nationwide, Britain's biggest building society, has informed the
authorities and said it will be writing to customers to give them
security advice in the next few week

It is reassuring customers that no PIN numbers, account passwords or
memorable information was on the laptop. 

But it does not deny that names and account numbers could have been. 

Security experts said if the information stored on the computer was
obtained by identity thieves they could attempt to take out credit cards
in customers' names. 

Peter Wood, from computer security firm First Base Technologies, told
BBC Radio 4's Money Box he did not think it would be difficult for
thieves to access the data. 

And he warned: "The chat rooms many people use are full of people
trading credit card details online in real time at all hours of the day
and night." 

'Appalling' 

Diane Gaston, of the National Consumer Council, told the programme she
is angry customers were not told sooner. 

"A three-month delay is appalling. People should be able to trust that
if a problem has happened they will be told about it straight away." 

But Nationwide said there is no indication that data had been stolen and
nobody has lost any money. 

Chief executive Philip Williamson told BBC Five Live that he was
"genuinely sorry" for the theft and any concern it had caused customers.

"We have tightened up our already high security procedures and this
should ensure it couldn't happen again." 

He also reassured customers they were not at risk. 

In a separate interview with the BBC's Today programme he said: "The
customer information on the stolen laptop can't be used on its own to
perpetrate identity theft. 

"There is no chance of any customer suffering any financial loss on
their accounts as a result of this." 

But, Barry Stamp, former director of CIFAS, the fraud prevention
service, said it was unusual for an entire customer database to be
stored on a laptop. 

He told the BBC: "On the one hand we should say hats off to Nationwide
for actually admitting that one of these laptops has been stolen. 

"We've seen cases like this almost every week at the moment, but on the
other hand you have to ask why that information was contained on a
laptop and why the security was lax at Nationwide in such a way that you
could download the entire database to a laptop. 

"This is really unusual." 

'Review needed' 

Donal Casey, security expert at IT consultancy Morse, said companies
needed to review how much information employees were allowed to transfer
to laptops. 

He said: "Businesses really need to be asking themselves whether
employees need to be carrying around sensitive customer data like bank
account details on a laptop. 

"If a criminal steals this information and uses it to commit identity
fraud the implications for a financial institution would be huge." 

The financial regulator, the FSA, and the Office of the Information
Commissioner have both been informed. 

They say they are continuing to discuss the situation with Nationwide,
but neither is taking any other action at this stage."

Gordon

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy