FCA admits data breach

The UK's top regulator has referred itself to the Information Commissioner's Office after suffering a data breach that revealed the names and other identifiable information of 1600 individuals who had lodged complaints against it.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The FCA says that it inadvertently published the data in plain view on its website in response to a Freedom of Information Act request.

The response related to the number and nature of new complaints made against the FCA and handled by the Complaints Team between 2 January 2018 and 17 July 2019.

Of the 1600 names revealed, up to half had addresses and phone numbers appended to their complaint. The FCA says no financial, payment card, passport or other identity information was included.

"The publication of this information was a mistake by the FCA," the agency states. "As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data."

The lapse is an embarrassment for the regulatory body, which is charged with investigating data breaches at member firms and dishing out financial penalties for shoddy security practices.

Comments: (3)

Matthew O'Neill Industry Managing Director, Financial Services at VMware

Not sure that I would class this as a data breach as they published the information, so should this be more of a competency question using SMR terminology? 

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

LOL maybe the penalty for data breach is lower than that for incompetence!!!

Andrew Smith Founding CTO at RTGS & ClearBank

It's just yet another example of how handling personal identifiable data is a liability for companies - and really, the FCA shouldn't have needed this sort of data to be stored.

Maybe the FCA will use this to drive discussions regarding digital identity and an entirely new model of how personal identifiable data is shared? It's needed, more so now than ever before with GDPR, but also Open Banking and the levels of push fraud...
