U.K. Regulator Leaked Personal Data

The data was exposed after a response to a Freedom of Information Act request was published online.
Lauren MuskettFebruary 25, 2020

The U.K. Financial Conduct Authority (FCA) said it released the personal information of about 1,600 people who had made a complaint about the regulator.

The FCA said it mistakenly published the personal data, including names, addresses, and phone numbers, in a document on its website in response to a Freedom of Information Act data request.

The response was related to the nature and number of complaints made against the regulator between January 2018 and July 2019.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

It said the personal data released in the breach, published in November 2019, did not include financial, payment card, or passport information.

The FCA oversees fines and other penalties for companies in the U.K. that fail to protect customer information. It said it had referred itself to the Information Commissioner’s Office over the incident.

“The publication of this information was a mistake by the FCA,” the regulator said in a statement. “As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”

The regulator said it would contact individuals who had their addresses and phone numbers leaked in order to inform them of the breach, but in many cases only the name of the person making the complaint was accessible.

Earlier this month, the FCA, along with the Information Commissioner’s Office and the Financial Services Compensation Scheme, issued a warning on data-sharing practices among insolvency practitioners who fail to meet their obligations under the Data Protection Act and the General Data Protection Regulations.

In 2018, it fined Tesco more than $21 million over its failure to protect account holders for a “largely avoidable” cyber attack in 2016.

The FCA is currently overseeing an investigation into a security breach at the Bank of England that allowed hedge funds to gain early access to sensitive, market-moving press conferences by Governor Mark Carney.

Understanding Which ERP Modules Your Business Needs – And When