As reported by BBC News, the Financial Conduct Authority (FCA) has admitted that it inadvertently published online the personal data of people who made complaints against it. The UK’s City watchdog said the names of the complainants, along with some addresses and telephone numbers, were accessible.
It will contact the most affected people to apologise and offer advice on next steps, it said. The watchdog added it had referred itself to UK privacy authorities. The personal information was published in November in response to a Freedom of Information request as part of a spreadsheet. The watchdog discovered the incident in early February, and immediately removed the data. The publication of this information was a mistake by the FCA.
To see the FCA having to refer itself to the ICO shows how easily data can be exposed through human error. In this case it is the inadvertent sharing of an FOI response with personal data contained within it, but it can also happen through deliberate or careless sharing of spreadsheets, data sets or documents, or the transmission of emails to wrongly addressed recipients.
No matter what an organisation does, or how much experience it has in security and privacy, mistakes can happen. These can be when information is intended to be shared but hasn’t been sanitised, or when information is stored, transmitted or shared in other ways.
Cyber criminals can do some serious damage with a breached database containing personally identifiable information. From identity theft to scams and spam, they will try their luck on what they can and even attempt to gain entry to your accounts using just the email address. An incredibly large number of people still use predictable or simple passwords, and many people’s passwords are also readily available on the dark web thanks to previous breaches, so it quickly becomes a case of joining the dots for the cybercriminals.
This risk is then increased due to the fact that many people use the same passwords across multiple accounts. My advice is to use a password manager to store your uniquely different passwords robustly online so you don’t have to remember them all. Implementing 2FA will also help mitigate this risk.