FCA admits website data breach
26 Feb 2020
The Financial Conduct Authority (FCA) has suffered the embarrassment of a second run-in with another regulator after 1,600 individuals had details disclosed online
26 Feb 2020
The FCA referred itself to the Information Commissioner’s Office (ICO) following the discovery of a data breach resulting in the publication of confidential details of individuals on its website.
They said it had been made aware that, in a response to a Freedom of Information Act request published on its website in November 2019, certain underlying confidential information may have been accessible.
The response related to the number and nature of new complaints made against the FCA and handled by the complaints team between 2 January 2018 and 17 July 2019. Around 1,600 individuals had details disclosed.
The regulator has admitted that the publication of this information was a mistake by the FCA.
It has now removed the relevant data from its website, and has undertaken a full review to identify the extent of any information that may have been accessible. It has also referred itself to the ICO, and could face a substantial fine.
The FCA said that in many instances, the extent of the accessible information was only the name of the person making the complaint, with no further confidential details or specific details of their complaint.
However, there are instances where additional confidential information was contained within the description of the complaint, for example an address, telephone number, or other information. Where this is the case, the FCA is making direct contact with the individuals concerned to apologise and to advise them of the extent of the data disclosed and what the next steps might be.
No financial, payment card, passport or other identity information were included.
The FCA’s latest difficulty follows its problems at the start of the year with The Pensions Regulator, which levied a £2,000 penalty, the maximum possible, over deficiencies in the paperwork relating to the FCA’s pension scheme.