The Financial Services Authority (FSA) has fined The Nationwide Building Society £980,000 for the loss of a laptop which contained "confidential customer data" on 11 million customers.

The laptop was stolen from a Nationwide employee's home. Although he quickly reported the theft, according to the BBC, he didn't tell his employers what was on the machine until after a three-week holiday, at which time Nationwide started an investigation.

What customer details the laptop contained is not clear. Although Nationwide "claimed that the information on it could not have been used for identity fraud as there were no PIN numbers, passwords or account balance information on it", the BBC notes the laptop "may have contained names, addresses and account numbers." Accordingly, "customers had been exposed to the risk of financial crime".

The FSA found Nationwide was not aware the laptop "contained any confidential customer information at all".

FSA enforcement director Margaret Cole said: "Nationwide is the UK's largest building society and holds confidential information for over 11 million customers. Nationwide's customers were entitled to rely upon it to take reasonable steps to make sure their personal information was secure."

The FSA further noted: "The failure to manage or monitor downloads of very large amounts of data onto portable storage devices meant that Nationwide had limited control over information held in this way or how it was used."

Nationwide subsequently wrote to all customers apologising for the cock-up. Chief exec Philip Williamson offered: "I wish to emphasise that there has been no loss of money from our customers' accounts as a result of this incident."

Nationwide declined to say whether the employee in question - who apparently had legitimate access to the data - had been disciplined or sacked. The laptop has not been recovered. ®

Related stories

Norwich Union Life fined £1.26m for security holes (17 December 2007)
http://www.theregister.co.uk/2007/12/17/norwich_union_life_fsa_fine/
Parliament's security staff lose parliament security data (17 December 2007)
http://www.theregister.co.uk/2007/12/17/parliament_laptop_loss/
VeriSign worker exits after laptop security breach (6 August 2007)
http://www.theregister.co.uk/2007/08/06/verisign_laptop_theft/
Eden laptop theft sparks ID theft fears (15 June 2007)
http://www.theregister.co.uk/2007/06/15/eden_laptop_theft/
M&S in ID theft flap over stolen laptop (9 May 2007)
http://www.theregister.co.uk/2007/05/09/printing_security_flap/
Feds urge tougher ID theft laws (24 April 2007)
http://www.theregister.co.uk/2007/04/24/id_theft_plan/
FSA lumps £81m appendage on Fujitsu (19 April 2007)
http://www.channelregister.co.uk/2007/04/19/fsa_transformation/
Georgia on the mind of three million after CD loss (11 April 2007)
http://www.theregister.co.uk/2007/04/11/georgia_data_loss/
Laptop thefts expose 40,000 Chicago teachers (9 April 2007)
http://www.theregister.co.uk/2007/04/09/chicago-teachers_security_breach/
US nuclear security agency missing 20 PCs (2 April 2007)
http://www.theregister.co.uk/2007/04/02/us_nuclear_agency_missing_pcs/
Hospital laptop theft sparks concerns (28 March 2007)
http://www.theregister.co.uk/2007/03/28/hospital_laptop_theft/
How to find stolen laptops (14 March 2007)
http://www.theregister.co.uk/2007/03/14/stolen_laptops/
UK banks leaving customer info on the pavement (14 March 2007)
http://www.theregister.co.uk/2007/03/14/clean_banking/
Laptop losses and phishing fruit salad (20 February 2007)
http://www.theregister.co.uk/2007/02/20/online_risk_assessment/
FSA has power to order data breach disclosure (19 February 2007)
http://www.theregister.co.uk/2007/02/19/fsa_data_disclosure/
What the heck was on that stolen laptop? (19 August 2006)
http://www.theregister.co.uk/2006/08/19/laptop_loss_survey/
Two teens charged over VA laptop theft (7 August 2006)
http://www.theregister.co.uk/2006/08/07/va_laptop_theft_arrests/
Security flap after US Navy loses laptops (28 July 2006)
http://www.theregister.co.uk/2006/07/28/navy_laptop_security_snafu/
Medical Excess loses records on 1m customers (28 June 2006)
http://www.theregister.co.uk/2006/06/28/medical_excess_loss/
Ernst & Young laptop loss exposes 243,000 Hotels.com customers (1 June 2006)
http://www.theregister.co.uk/2006/06/01/ey_hotels_laptop/
Stolen laptops hand hackers keys to the kingdom (25 April 2006)
http://www.theregister.co.uk/2006/04/25/stolen_laptop_peril/