News

The UK’s Financial Conduct Authority has recently admitted suffering a data breach. The regulator of all UK payment institutions published a document on its website, by mistake revealing confidential information of 1,600 individuals. 

 Financial Conduct Authority

The Financial Conduct Authority is the regulator of 59,000 financial services providers in the UK. It monitors banks, credit unions, insurance, and investment firms. E-wallets providers, such as Skrill, Neteller, and ecoPayz, often used by bettors for deposits to bookmakers and exchanges, also fall within its jurisdiction.

 Back in November 2019, the FCA published a document with complaints against the regulator on its website. It was a response to the Freedom of Information Act, ensuring public access to certain information on public authorities. The document covered the number and the nature of complaints made against the FCA between the 2nd of January 2018 and the 17th of July 2019. But it ended up including personal data of 1,600 people who had posted those complaints. 

The published document featured descriptions of the complaints and the name of the person who had submitted it. But some descriptions also revealed other identifiable information too. They included addresses, telephone numbers, and other details.

According to the FCA, the document didn’t expose any financial data. None of the descriptions made payment card details or personal identifying information public.

FCA Regulator: It had been a mistake

But the FCA discovered the breach only earlier in February 2020. The regulator admitted that it had been a mistake, and took the document down from the website. It has also made the Information Commissioner’s Office (ICO) aware of the data breach. They are trying to determine the extent of damage done by making that personal information accessible online. 

According to the FCA, its main concern now is to protect the people that may be identified from the exposed information. That’s why the FCA is planning to contact everyone whose phone numbers, addresses, or other personal details suffered in the breach. It will follow up with an apology and suggest what the affected parties could do next. 

Still something to learn

In the end, the whole incident is quite an embarrassment for the FCA. Earlier in February, the regulator urged companies to be more responsible with customers’ personal information. It is also looking into a security breach at the Bank of England, and in 2018 fined Tesco for failing to protect customer data. But it seems the folks at FCA can still learn a thing or two about safeguarding sensitive information themselves.