FCA admits publishing personal data by mistake

The City watchdog has admitted that it accidentally published the personal data of 1,600 people who had made complaints.

The Financial Conduct Authority said names and details of complainants were available in a spreadsheet on its website between November and February before a member of the public raised concerns.

Some addresses and telephone numbers were also mistakenly published in the spreadsheet which was provided in response to a Freedom of Information request. No financial, payment card, passport or other identity details were included, the regulator said.

The breach related to those people who made a complaint against the FCA between January 2018 and July 2019.

The FCA is contacting people who have been been affected by the embarrassing data breach to apologise.

“The publication of this information was a mistake by the FCA,” it said in a statement.

“As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible.

“Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”

The Information Commissioner’s Office (ICO), said: “When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects.

“The Financial Conduct Authority has made us aware of an incident and we will assess the information provided.”

Earlier this month, the FCA released a joint statement with the ICO, warning firms to be responsible when dealing with personal data.

It also hit Tesco with a £16.4m fine in 2018 for failing to protect customer information and is currently investigating a security breach at the Bank of England.

Related Articles