FCA reveals data breach blunder 

The Financial Conduct Authority (FCA) has revealed it published “confidential information” to its website in November last year.

The regulator said it was recently made aware that, in a response to a Freedom of Information Act request published on its website in November 2019, “certain underlying confidential information may have been accessible” – including names, addresses and telephone numbers.

The response related to the number and nature of new complaints made against the FCA and handled by its complaints team between 2 January 2018 and 17 July 2019.

The FCA said the publication of this information “was a mistake”, and added that as soon as it became aware of this, it removed the relevant data from its website.

The FCA has undertaken a “full review” to identify the extent of any information that may have been accessible, and said its primary concern is to ensure the “protection and safeguarding of individuals who may be identifiable from the data.”

It claimed the extent of the accessible information was only the name of the person making the complaint, with no further confidential details or specific details of their complaint.

However, the FCA said there were instances where additional confidential information was contained within the description of the complaint, including addresses, telephone numbers, or other information.

Where this is the case, it is making direct contact with the individuals concerned to apologise and to advise them of the extent of the data disclosed and what the next steps might be.

The FCA said: “No financial, payment card, passport or other identity information were included. We have taken immediate action to ensure this cannot happen again. We have referred the matter to the Information Commissioner’s Office.”

Show More
Back to top button