Earlier this year a laptop computer belonging to the Society was stolen from an employee's home in a domestic burglary. The laptop contained some customer information to be used mainly for marketing purposes.
Why are organisations still enabling employees to take sensitive information home on laptops where it can be lost or stolen? Never mind banks, this has happened several times over the last few years to MI5, MI6 and the CIA.
Even so, it is good news that Nationwide has notified affected customers. This should be a requirement of the Data Protection Act, as it is in Californian law.
In related news, UK banks have rejected calls from the House of Lords Science and Technology Committee to publish information on levels of security.