The Bradford-based Yorkshire Building Society has been censured by a national watchdog for breaching data protection laws after a laptop containing thousands of customers’ details was stolen.

The Information Commissioner’s Office said Yorkshire Building Society breached the Data Protection Act after an unencrypted laptop belonging to the former Chelsea Building Society was stolen from its Cheltenham premises.

The laptop, containing a large proportion of the CBS database, was recovered within 48 hours and forensic investigations revealed none of the data had been accessed, although there had been attempts to do so.

The laptop was being used by a CBS employee who had been working from home and had given it, on request, to a manager who returned it to CBS’s former head office in Cheltenham from where it was stolen.

It was also found the manager had written down the passwords to the computer and left these in a bag with the laptop.

Iain Cornish, YBS chief executive, has agreed to take a series of steps to prevent any similar security breaches happening again.

These include ensuring all portable devices including laptops are encrypted – a measure that was already in place at YBS before the merger with Chelsea.

Mick Gorrill, head of enforcement at the ICO, said: “It is concerning that an unencrypted laptop containing large amounts of personal data was left unsecured overnight, together with details of its passwords.

“What’s more, the fact the employee did not require all the information to carry out the task in hand created an unnecessary risk.

“I am pleased the Yorkshire Building Society took prompt and effective action and am satisfied steps are now in place to prevent this happening again.”