A lack of business intelligence

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Earlier this year, Nationwide, the UK’s largest building society, suffered a massive data theft when a notebook computer was taken from an employee’s home.

At the time, questions were asked about how such things could be allowed to occur but, to be fair to Nationwide, it is common practice for unencrypted data to be stored on company laptops away from the office (I have never been required to encrypt my data and I work from home routinely). Furthermore, the laptop was stolen in a domestic burglary – we are all told not to leave our laptops in the car (which in my case is another company-owned asset) so within the home is probably the safest place for the computer to be stored when away from the office.

To my mind, the biggest issue is how it took so long for the issue to be disclosed, with millions of customers’ identities potentially compromised (although Nationwide stresses that the data was “to be used mainly for marketing purposes” and “did not include any PINs, passwords, account balance information or memorable data”).

Two of my family members are Nationwide customers and earlier this month we received letters warning us of the potential issues, along with advice from the UK Government Home Office and Nationwide on protecting our identities; however, I was very amused by the letter to my two-year-old son, which began as follows:

“Dear Mr Wilson

THIS IS IMPORTANT – PLEASE READ CAREFULLY AND SHOW THIS LETTER TO YOUR PARENT OR GUARDIAN

Earlier this year a laptop computer belonging to the society was stolen…”

The letter was sent to a toddler! How many 2-year-olds do you know who can read a letter and follow the advice to show it to a parent of guardian? All the other communications from Nationwide about his account are addressed to my wife – so why write directly to my son this time? They noted that he was a minor and warned him to show the letter to his parent or guardian but surely their software can cope with a simple date of birth check and establish that this customer may be considered too young to read!

Leaving aside Nationwide’s lack of business intelligence, let’s hope that they have learnt from this massively public loss of data (and the expensive clean-up operation); however as computer users we can all benefit from their unfortunate experience and make sure that our data is secured by more than just a username and password (which provides no protection at all if the operating system can be bypassed and the disk accessed directly). Windows XP and Vista both support disk encryption (as do many Linux distributions and Mac OS X) and it’s worth investigating the use of this technology, although there are complications around key recovery that need to be considered before jumping straight in.

One thought on “A lack of business intelligence

  1. I’ve just read in IT Week that the Financial Services Authority has fined Nationwide £980,000 for their security breach; however, according to the BBC it’s not the directors (who have taken £4m in performance-related bonuses in recent years) that will pay the fine – instead, as a mutually-run society, the bill will be picked up by its own customers!

    So, let me get this right… a data security lapse results in my wife and son’s identity data being stolen and then they (along with all of Nationwide’s customers) have to pay the fine! £980,000 divided between 11 million customers may only be a few pence each but maybe the IT Director ought to take at least some of the responsibility?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.