FCA Admits Revealing Customers’ Details

By   ISBuzz Team
Writer , Information Security Buzz | Feb 25, 2020 11:44 pm PST

As reported by BBC News, the Financial Conduct Authority (FCA) has admitted that it inadvertently published online the personal data of people who made complaints against it. The UK’s City watchdog said the names of the complainants, along with some addresses and telephone numbers, were accessible.

It will contact the most affected people to apologise and offer advice on next steps, it said. The watchdog added it had referred itself to UK privacy authorities. The personal information was published in November in response to a Freedom of Information request as part of a spreadsheet. The watchdog discovered the incident in early February, and immediately removed the data. The publication of this information was a mistake by the FCA.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Piers Wilson
Piers Wilson , Head of Product Management
February 26, 2020 7:47 am

To see the FCA having to refer itself to the ICO shows how easy data can be exposed through human error. In this case it is the inadvertent sharing of a FOI response with personal data contained within it, but it can also happen through deliberate or careless sharing of spreadsheets, data sets or documents, or the transmission of emails to wrongly addressed recipients.

No matter what an organisation does, or how much experience it has in security and privacy mistakes can happen. These can be when information is intended to be shared but hasn\’t been sanitised, or when information stored, transmitted or shared in other ways.

Last edited 4 years ago by Piers Wilson
Jake Moore
Jake Moore , Global Cyber Security Advisor
February 26, 2020 7:45 am

Cyber criminals can do some serious damage with a breached database containing personal identifiable information. From identity theft to scams and spam, they will try their luck on what they can and even attempt to gain entry to your accounts using just the email address. An incredibly large amount of people still use predictable or simple passwords, and many people\’s passwords are also readily available on the dark web thanks to previous breaches, so it quickly becomes a case of joining the dots for the cybercriminals.

This risk is then increased due to the fact that many people use the same passwords across multiple accounts. My advice is to use a password manager to store your uniquely different passwords robustly online so you don’t have to remember them all. Implementing 2FA will also help mitigate this risk.

Last edited 4 years ago by Jake Moore

Recent Posts

2
0
Would love your thoughts, please comment.x
()
x