Red faces at FCA as regulator fesses up to data breach

The Financial Conduct Authority – the overlord of the financial services industry – has been forced to admit it has exposed the confidential information of hundreds of consumers on its website, in a highly embarrassing data breach.

The watchdog published details of nearly 1,600 people who filed complaints about it, including its lack of communication and level of fees, between January 2018 and July 2019.

The leaked information, which was included in a response to a Freedom of Information request, included names, addresses and telephone numbers. However, the FCA insists no financial details have been exposed.

Whether the FCA will now take action against itself is a moot point. After all, back in 2018 the regulator fined Tesco Bank £16.4m over its “largely avoidable” 2016 cyber attack that did not involve the loss of any customer data.

The regulator is also investigating the Bank of England over a security breach that allowed hedge funds to eavesdrop on press conferences.

The FCA said it has referred itself to the Information Commissioner’s Office. In a statement, the watchdog added: “We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”

The FCA claims it has taken action to ensure the error does not happen again, and said it is contacting those affected to “apologise and to advise them of the extent of the data disclosed and what the next steps might be”.

In a joint statement with the ICO, released earlier this month, the FCA warned insolvency practitioners and authorised firms to be responsible when dealing with personal data.

It now faces the prospect of being investigated by the ICO, which has confirmed it is aware of the incident and said it would assess the case before deciding on any action.

Share with friends and colleagues

Related Articles