View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
February 25, 2020

Uh Oh, FCA Accidentally Published Personal Details of People Who Complained About It

"The publication of this information was a mistake by the FCA." Says FCA

By CBR Staff Writer

The Financial Conduct Authority (FCA) just admitted that it accidentally published the personal details of roughly 1,600 people who had made complaints about it in the last year.

The incident occurred when the FCA published – on its website – the details of a Freedom of Information (FOI) request that sought information on the number and nature of complaints that had been made against the agency between January 2018 and July of last year.

In that FOI post the FCA inadvertently included the personal details of the individuals who had made the complaints. Details included addresses, phone numbers and what the FCA is calling ‘other information’. The FCA says that no financial, payment card, passport or other identity information were included in the erroneous post.

In an online statement the FCA has stated that: “As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”

The FCA says it has already referred the incident to the Information Commissioner’s Office.

FCA Normally on the Other Side of This type of Thing

The FCA is the regulator for financial services firms and the financial markets in the UK. It currently acts as the watchdog for more than 59,000 businesses.

As such it is normally on the opposite of these incidents as it was in 2018, when it hit Tesco with a £16 million fine due to a cyberattack.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

In 2018 attackers used an algorithm to generate authentic Tesco bank cards that were then used to complete unauthorised debit card transactions. Following its investigation the FCA noted that: “Although Tesco Bank’s controls stopped almost 80% of the unauthorised transactions, the Cyber Attack affected 8,261 out of 131,000 Tesco Bank personal current accounts.”

Francis Gaffney, director of threat intelligence at Mimecast speaking on the FCA data leak told Computer Business Review in an emailed statement that: “Organisations continue to have an issue with large-scale data breaches and leaks of sensitive information from their databases, so it is vital that security teams regularly assess database security and ensure best practise is being followed. Mistakes such as this one can easily be avoided and have massive repercussions, both financially and from a reputational perspective.”

“To prevent these mistakes, IT teams must ensure they understand their environment and know exactly where data is being stored at all times. This will enable them to identify any vulnerabilities easily and fix any issues swiftly. It is equally important that organisations are well-prepared for incidents such as these. They must have a detailed and well-thought-out plan in place for any cyber incident to ensure any mitigation is as effective as possible. This plan needs to be tested regularly, carrying out various likely and impactful scenarios to keep the process well-oiled and efficient. By doing this, if an organisation does suffer some sort of incident, it can respond quickly and effectively to minimise the damage.”

See Also: Decathlon Leaks 123 Million Records via Insecure Elasticsearch Server

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.