Yorkshire Building Society criticised for data breach

YORKSHIRE Building Society broke data protection laws when an unencrypted company laptop containing customer details was stolen, the Information Commissioner has ruled.

The computer was stolen from the Cheltenham premises of the Chelsea Building Society which had recently merged with the Yorkshire. A manager had left the computer in a bag with the passwords.

In a statement, the Information Commissioner’s Office said Iain Cornish, chief executive of Yorkshire Building Society, had agreed to take a series of measures to ensure there was not a repeat.

Mick Gorrill, head of enforcement at the ICO, said: “It is extremely concerning that an unencrypted laptop containing large amounts of personal data was left unsecured overnight, together with details of its passwords.

“What’s more, the fact that the employee did not require all the information to carry out the task in hand created an unnecessary risk which could easily have been avoided; employees should only have access to information that is absolutely vital to work which is being carried out.

“I am pleased that the Yorkshire Building Society took such prompt and effective action and am satisfied that steps are now in place to prevent this happening again.”

If you’re not getting our daily emails, your competitors might be.  Click here to check your account settings.

A Yorkshire Building Society spokeswoman emphasised that the laptop was stolen just days after the merger and before its own security measures were put in place.

She said “There was a breach of security and a laptop went missing but the information on the laptop was never accessed and no customer details were put in danger.

“Security has been tightened significantly and we are pretty confident that couldn’t happen again.”