FCA reveals data breach that exposed personal details of people complaining about UK's financial watchdog
The UK's financial watchdog, the Financial Conduct Authority (FCA), has revealed details of a data breach that took place last year.
The FCA says that personal details of people who had made complaints against the watchdog were exposed following the online publication of a response to a Freedom of Information Act request. Among the exposed information are the names and numbers of those who had lodged complaints.
- Samsung admits to data breach unconnected to mysterious Find My Mobile 1 push notification
- 1 billion records exposed in 2019 as data breaches hit a new high
- Hackers leak personal data of 10.6 million MGM Resorts guests
The data breach dates back to November 2019, but the FCA has only revealed information about it today. The watchdog says that it mistakenly published information about people who made complaints between 2 January 2018 and 17 July 2019.
In a statement posted on its website, the FCA writes that it "was recently made aware that, in a response to a Freedom of Information Act request published on our website in November 2019, certain underlying confidential information may have been accessible". It goes on to say:
As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.
In many instances, the extent of the accessible information was only the name of the person making the complaint, with no further confidential details or specific details of their complaint.
However, there are instances where additional confidential information was contained within the description of the complaint, for example an address, telephone number, or other information. Where this is the case, we are making direct contact with the individuals concerned to apologise and to advise them of the extent of the data disclosed and what the next steps might be.
No financial, payment card, passport or other identity information were included.
The FCA adds that it has taken steps to ensure this could not happen again, and the matter has been referred to the Information Commissioner's Office.