Original URL: http://www.theregister.co.uk/2007/12/21/skipton_data_security_breach/

Skipton in lost laptop security woes

14,000 accounts suspended after latest data breach

By John Leyden

Posted in Security, 21st December 2007 15:06 GMT

Skipton Financial Services has confessed to losing a laptop containing records of 14,000 customers. Information exposed by the breach includes names, addresses, National Insurance numbers, and fund investment details of clients of Skipton's Fidelity FundsNetwork.

The laptop was nicked from a locker being used by a staff member of Moore Stephens Consulting, an IT consultancy employed by Skipton Financial Services, on Tuesday evening last week, the Yorkshire Post reports.

The machine was password protected, but not encrypted. Skipton has suspended affected accounts as a precaution. It has also written to punters affected by the breach, which marks the latest entry in a growing list of UK firms falling victim to customer data security cock-ups.

Jamie Cowper, EMEA director of marketing at encryption firm PGP, called for a reform in UK data protection laws. "The sheer volume of data disasters this year has made it clear that today's online society has outgrown the Data Protection Act. The government must make a new year's resolution to not only revise it, but also make clear to organisations that they must start moving away from reactive data protection measures to pre-emptive ones," Cowper said.

"Encryption should play a major role in security policies," he added. ®