The UK Financial Conduct Authority (FCA) has admitted to a data breach that exposed confidential information belonging to approximately 1,600 consumers.
On Tuesday, the UK financial watchdog said the information exposure occurred following the public release of data in response to a Freedom of Information Act (FOI) request.
FOI requests can be made in the United Kingdom for records held by public authorities. The request at the heart of the data leak was made in relation to how many complaints were made against the FCA -- and handled by the authority's complaints team -- between January 2, 2018, and July 17, 2019.
When these data records were published and made available on the FCA website in a document, the confidential information of complainants, of whom there were approximately 1,600 during this timeframe, was also made public.
Names, complaint descriptions, addresses, telephone numbers, and other information were exposed, although it is believed that roughly half of the individuals included had only their names revealed, and nothing else.
The good news is that no financial information, passport, or other ID records were published, the agency added.
The FCA has now removed the 1,600 consumer records and is contacting the consumers involved in the leak directly to apologize.
The UK's Information Commissioner's Office (ICO) has been notified of the incident, in which FCA officials have likely been left red-faced -- especially as the regulator previously fined UK supermarket chain Tesco £16.4 million for lax security standards in the wake of a cyberattack against customers.
The UK ICO is responsible for conducting investigations into GDPR complaints and issuing fines; at least, for now, considering the potential ramifications of Brexit on data protection laws. Over 160,000 data breach notifications have been forwarded to the ICO in the last 18 months.
What do you think will happen next? Will the UK ICO penalize the FCA for lax security and privacy standards?
I would like to hear from you; please add your comments below or ping me on LinkedIn.