The UK Financial Services Authority has fined Nationwide Building Society £980,000 for failing to have effective systems and controls to manage its information security risks. The failings came to light following the theft of a laptop from a Nationwide employee's home last year.
During its investigation, the FSA found that the building society did not have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime.
The FSA also discovered that Nationwide was not aware that the laptop contained confidential customer information and did not start an investigation until three weeks after the theft.
Nationwide's failings occurred at a time of heightened awareness of information security issues as a result of government initiatives, increasing media coverage and an FSA campaign about the importance of information security.
Margaret Cole, director of enforcement, said: "Nationwide is the UK's largest building society and holds confidential information for over 11 million customers. Nationwide's customers were entitled to rely upon it to take reasonable steps to make sure their personal information was secure.
"Firms' internal controls are fundamental in ensuring customers' details remain as secure as they can be and, as technology evolves, firms must keep their systems and controls up-to-date to prevent lapses in security.
"The FSA took swift enforcement action in this case to send a clear, strong message to all firms about the importance of information security."
The FSA acknowledged that Nationwide has co-operated fully in the course of the investigation and has undertaken a number of actions to address this failure, including: taking a range of additional measures to increase security around accounts; informing customers of the loss of information; affirming its existing policy to reimburse any customer that has suffered financial loss as a result of this incident; and commissioning a comprehensive review of its information security procedures and controls.
By agreeing to settle at an early stage of the FSA's investigation, Nationwide qualified for a 30% discount under the FSA's executive settlement procedures. Without the discount, the fine would have been £1.4m.