http://business.timesonline.co.uk/tol/business/industry_sectors/banking_and_finance/article3083560.ece By Rhys Blakely Times Online December 21, 2007 Thousands of building society customers are at risk of ID fraud after a laptop containing their details was stolen. Skipton Financial Services (SFS), a subsiduary of Skipton Building Society, said that details of 14,000 customers had been lost after a computer was stolen from Moore Stephens Consulting, a London-based IT contractor. The information belonged to customers with funds administered by Fidelity FundsNetwork and included names, addresses, National Insurance numbers and fund investment details. It was loaded on a laptop stolen from a workers locker in "a locked facility" along with other personal items on December 11, forcing the accounts to be frozen. Jamie Cowper, of PGP Corporation, a data protection specialist, said that it was worrying that no mention had been made by SFS of the data being encrypted but merely password protected. The risk is that the information is used to assume fraudulent identities, he said. The data breach the latest in a slew of similar incidents hands further ammunition to the Information Commissioners Office, which is calling for a radical shake-up of the UKs data laws that would make careless handling of data a criminal offence and hold company bosses directly responsible. Police are investigating the theft. The Yorkshire-based lender could face sanctions from the Financial Services Authority. In February, Nationwide was fined 980,000 by the City watchdog after a laptop holding customer details was stolen from an employee's house. However, it is thought that Skipton's decision to reveal the breach to the FSA promptly will work in its favour. Nationwide, by contrast, was not aware of the wealth of information carried on its stolen computer and did not give an alert for three weeks after the theft. The data lost by Skipton does not include bank or building society account details. However, SFS was forced to block affected accounts and has written to customers to assure them that their investments were safe. It is issuing them with new account numbers and has offered 12 months free credit checks and alert services through the credit reference agency, Callcredit. The latest lapse follows the loss of two discs containing information on about 25 million people by HM Revenue & Customs last month and comes only days after the details of three million learner drivers were lost in Iowa, in the United States, by Pearson Driving Assessments, a private contractor working for the Driving Standards Agency. It emerged this week that the loss by HMRC of details of more than 6,500 customers of Countrywide Assured, the life assurance and pensions company, had gone unnoticed for more than a month. While neither SFS nor Fidelity FundsNetwork were responsible for the loss of this laptop, both have taken all steps they can to mitigate any risk to their clients, Skipton said in a statement. Customers will also be offered free access to the Cifas Protective Registration Scheme, which is designed to alert financial organisations to the need to undertake further checks before completing any transaction on an account. Simon Holt, managing director of SFS, said that the company was not aware of any fraudulent activity. __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Mon Dec 24 2007 - 03:39:47 PST