City watchdog admits revealing customers' details

  • Published
Representation of dataImage source, Getty Images

The UK's City watchdog has admitted that it inadvertently published online the personal data of people who made complaints against it.

The Financial Conduct Authority (FCA) said the names of the complainants, along with some addresses and telephone numbers, were accessible.

It will contact the most affected people to apologise and offer advice on next steps, it said.

The watchdog added it had referred itself to UK privacy authorities.

The personal information was published in November in response to a Freedom of Information request as part of a spreadsheet.

The watchdog discovered the incident in early February, and immediately removed the data, it said.

"The publication of this information was a mistake by the FCA," it said.

Data breach

The Freedom of Information request sought the number and nature of new complaints against the FCA between 2 January 2018 and 17 July 2019.

Although some phone numbers were exposed, the information did not include financial, payment card, or passport details, the FCA said in a statement.

About 1,600 names were exposed, with fewer than half containing information such as telephone numbers.

Although it was "underlying", the data was accessible, the FCA said.

"We have undertaken a full review to identify the extent of any information that may have been accessible," it said. "Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data."

Privacy watchdog the Information Commissioner's Office (ICO) said: "When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects.

"The Financial Conduct Authority has made us aware of an incident and we will assess the information provided."

The news of the breach is a little embarrassing for the FCA, which just earlier this month published a joint statement with the ICO asking firms to be responsible with personal data.