FCA refers itself to ICO over data breach

The Financial Conduct Authority (FCA) has referred itself to the Information Commissioner’s Office (ICO) over a data breach after it mistakenly published the names and other information of 1,600 people.

The regulator published a statement on its website this afternoon explaining that it had inadvertently published the details on its website in November as part of its response to a Freedom of Information request about complaints lodged against the FCA by individuals or organisation.

The FCA said that in many instances the extent of the accessible information was only the name of the person making the complaint, with no further confidential details or specific details of their complaint.

However, it said that there were “instances where additional confidential information was contained within the description of the complaint, for example an address, telephone number, or other information”.

The FCA statement read: “The publication of this information was a mistake by the FCA. As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible – our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”

No financial, payment card, passport or other identity information were included in the breach, the FCA said.

The statement concluded: “We have taken immediate action to ensure this cannot happen again. We have referred the matter to the Information Commissioner’s Office.”

    Share Story:

Recent Stories


Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Transforming document management into a strategic advantage for financial institutions
In this exclusive fireside chat, John Rockliffe, Pre-Sales Manager at d.velop, discusses the findings of Adapting to a Digital-Native World: Financial Services Document Management Beyond 2025 and explores how FSIs can turn document workflows into a competitive advantage.

Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.