It happened again. Actually, it happened three months ago and the company (Nationwide) just decided not to report it. What is this again? Oh yeah, during a home break-in three months ago in the U.K., the laptop belonging to an employee of Britain’s largest building society, was stolen with the names and account numbers of 11 million customers on it… 11 million!! Why oh why is this information on that laptop? Are they really that stupid to risk this simple breach in security? I’ve said it over and over again. Please don’t keep your customers’ sensitive information on your laptops or desktops. All of this data should be stored and secured centrally (along with a secure, remote back-up). Not only is this model more efficient, but it’s also secure. That’s the least you could do…

However, most of the outrage and media attention is focused on the amount of time it took to report the theft.

‘”A three-month delay is appalling. People should be able to trust that if a problem has happened they will be told about it straight away.”’

While this lapse in time and judgment is “appalling” it shouldn’t be the major concern in this situation. The CEO of this company was quoted as saying,

“We have tightened up our already high security procedures and this should ensure it couldn’t happen again.”’

Well, why weren’t the proper procedures put in place to start with? He is saying their security procedures were already “tightened”? Come on, Mr. Philip Williamson… Can we really believe that?