
UK Financial Regulator Admits to Accidental Data Breach

David Paul



The Financial Conduct Authority has admitted that it mistakenly published online the personal data of people who made complaints against it.

The Financial Conduct Authority (FCA) has apologised after it accidentally revealed the confidential details of approximately 1,600 consumers who had complained about the regulator.

The FCA mistakenly published the names, addresses and phone numbers of complainants on its website in response to a Freedom of Information (FoI) request for data.

The data, which in some cases contained descriptions of complaints, was accessible on the FCA’s website between November 2019 and February 2020 until a member of the public raised concerns.

In a statement on the FCA website, the City watchdog said: “The FCA was recently made aware that, in a response to a Freedom of Information Act request published on our website in November 2019, certain underlying confidential information may have been accessible.

“The response related to the number and nature of new complaints made against the FCA and handled by the Complaints Team between 2 January 2018 and 17 July 2019. The publication of this information was a mistake by the FCA.”

The regulator is in the process of informing those affected by the breach and has referred the matter to the Information Commissioner’s Office (ICO). No financial, payment card, passport or other identity information was exposed, according to the FCA.

Measures to strengthen the organisation’s security have been undertaken to ensure a similar lapse does not occur in the future.


The regulator said: “As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.

“In many instances, the extent of the accessible information was only the name of the person making the complaint, with no further confidential details or specific details of their complaint.”

David Paul

Staff Writer, DIGIT
