The Financial Conduct Authority (FCA) has referred itself to the Information Commissioner’s Office (ICO) over a data breach after it mistakenly published the names and other information of 1,600 people.

The regulator published a statement on its website this afternoon explaining that it had inadvertently published the details on its website in November as part of its response to a Freedom of Information request about complaints lodged against the FCA by individuals or organisation.

The FCA said that in many instances the extent of the accessible information was only the name of the person making the complaint, with no further confidential details or specific details of their complaint.

However, it said that there were “instances where additional confidential information was contained within the description of the complaint, for example an address, telephone number, or other information”.

The FCA statement read: “The publication of this information was a mistake by the FCA. As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible – our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”

No financial, payment card, passport or other identity information were included in the breach, the FCA said.

The statement concluded: “We have taken immediate action to ensure this cannot happen again. We have referred the matter to the Information Commissioner’s Office.”

Share Story: