By Rhys Blakely
December 21, 2007
Thousands of building society customers are at risk of ID fraud after a
laptop containing their details was stolen.
Skipton Financial Services (SFS), a subsiduary of Skipton Building
Society, said that details of 14,000 customers had been lost after a
computer was stolen from Moore Stephens Consulting, a London-based IT
The information belonged to customers with funds administered by
Fidelity FundsNetwork and included names, addresses, National Insurance
numbers and fund investment details.
It was loaded on a laptop stolen from a workers locker in "a locked
facility" along with other personal items on December 11, forcing the
accounts to be frozen.
Jamie Cowper, of PGP Corporation, a data protection specialist, said
that it was worrying that no mention had been made by SFS of the data
being encrypted but merely password protected.
The risk is that the information is used to assume fraudulent
identities, he said.
The data breach the latest in a slew of similar incidents hands further
ammunition to the Information Commissioners Office, which is calling for
a radical shake-up of the UKs data laws that would make careless
handling of data a criminal offence and hold company bosses directly
Police are investigating the theft.
The Yorkshire-based lender could face sanctions from the Financial
In February, Nationwide was fined 980,000 by the City watchdog after a
laptop holding customer details was stolen from an employee's house.
However, it is thought that Skipton's decision to reveal the breach to
the FSA promptly will work in its favour.
Nationwide, by contrast, was not aware of the wealth of information
carried on its stolen computer and did not give an alert for three weeks
after the theft.
The data lost by Skipton does not include bank or building society
However, SFS was forced to block affected accounts and has written to
customers to assure them that their investments were safe.
It is issuing them with new account numbers and has offered 12 months
free credit checks and alert services through the credit reference
The latest lapse follows the loss of two discs containing information on
about 25 million people by HM Revenue & Customs last month and comes
only days after the details of three million learner drivers were lost
in Iowa, in the United States, by Pearson Driving Assessments, a private
contractor working for the Driving Standards Agency.
It emerged this week that the loss by HMRC of details of more than 6,500
customers of Countrywide Assured, the life assurance and pensions
company, had gone unnoticed for more than a month.
While neither SFS nor Fidelity FundsNetwork were responsible for the
loss of this laptop, both have taken all steps they can to mitigate any
risk to their clients, Skipton said in a statement.
Customers will also be offered free access to the Cifas Protective
Registration Scheme, which is designed to alert financial organisations
to the need to undertake further checks before completing any
transaction on an account.
Simon Holt, managing director of SFS, said that the company was not
aware of any fraudulent activity.
Visit InfoSec News