The UK's top regulator has referred itself to the Information Commissioners Office after suffering a data breach that revealed the names and other identifiable information of 1600 individuals who had lodged complaints against it.
The FCA says that it inadvertently published the data in plain view on its Website in response to a Freedom of Information Act request.
The response related to the number and nature of new complaints made against the FCA and handled by the Complaints Team between 2 January 2018 and 17 July 2019.
Of the 1600 names revealed, up to half had addresses and phone numbers appended to their complaint. The FCA says no financial, payment card, passport or other identity information were included.
"The publication of this information was a mistake by the FCA," the agency states. "As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data."
The lapse is an embarrassment for the regulatory body, which is charged with investigating data breaches at member firms and dishing out financial penalties for shoddy security practices.