Data breach: FCA accidentally publishes personal information on its website

Thousands of names, telephone numbers and addresses leaked online by the FCA after it accidentally publishes them on its website

  • Nearly 2,000 people who complained about the FCA had their details published
  • The FCA admitted it should not have left them on its website
  • Details included names as well as addresses and telephone numbers

Thousands of personal details have been leaked by the city watchdog after it bungled a Freedom of Information response.

The Financial Conduct Authority admitted the personal details of people who complained about it – including names, addresses and telephone numbers – were mistakenly published in November 2019 and left online until earlier this month.

While it is not clear who may have accessed these details, criminals often glean basic personal information – largely from the dark web – for potential future fraud attempts.

The FCA has reported itself to the Information Commissioner’s Office with the details of 1,600 people listed on its website. 

Bungled: The FCA admitted it published people’s personal details on its website by mistake

It followed a response to an FOI request it received asking about the number of complaints made against the regulator between January 2018 and July 2019.

When the response was published on its website, the FCA accidentally published  names of complainants and, in some cases, other personal details, when revealing the complaints it had received.

It admitted the publication of this ‘underlying confidential information’ was ‘a mistake’.

According to The Telegraph, more than half of the 1,600 complainants had just their names revealed, with the rest presumably having other details published too. 

It is writing to customers who had addresses and contact details accidentally leaked.

It said in a statement in its website: ‘As soon as we became aware of this, we removed the relevant data from our website. 

‘We have undertaken a full review to identify the extent of any information that may have been accessible.

‘Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.’

It is embarrassing for the regulator, which has come under criticism over the last 12 months over its handling of the collapse of investment firm London Capital & Finance, the demise of fund manager Neil Woodford’s asset management business, and its inability to get Google to take down adverts for fraudulent investments.

Given scammers often take advantage of data breaches and use the leaked personal data, there is an irony that the regulator’s mistake could end up leading to a new wave of scams or identity theft, which it would then have to warn consumers about.

The mishap could also leave the regulator facing a hefty fine, with the ICO becoming increasingly willing to flex its muscles over data breaches in the last two years.

The UK’s data protection watchdog fined British Airways and hotel chain Marriott a combined £282million in July last year after data breaches.

However, these breaches involves customer’s bank and payment details, which the FCA insists were not leaked in the November 2019 data breach.

Source link