Marks and Spencer (M&S), a high-end retail chain in the UK, has suffered a breach of personal information for 26,000 of its employees after a laptop was stolen.

This single laptop contained employee dates of birth, addresses, national insurance numbers, phone numbers, and salaries for 26,000 employees. The information was in the care of a printing company assigned to print a letter to employees regarding their pensions. The laptop was stolen from their care on April 18, 2007.

Employees were notified of the breach 2 days later. However, they did not disclose in the letter the type of information breached. No law exists in the UK which would require companies to disclose the details of the breach, nor how quickly they must disclose the breach.

Although police believe the theft to be opportunistic rather than planned, the risk for identity theft still exists. M&S is offering employees free credit checks.

Ed Mayo, chief executive of the National Consumer Council (NCC) is concerned about the breach. He notes that every company now is vulnerable to data breaches, and something needs to be done about it.

"Every company really now should take action to ensure they’ve got the systems and processes in place to minimize this risk."

He said the NCC planned to campaign for legislation at UK or EU level for companies to take faster action on this issue. [BBC]

Via out-law & BBC ; Tags: data breach, marks and spencer, m&s, identity theft, uk legislation, security legislation