City watchdog under fire over data breach less than three weeks before Andrew Bailey takes over from Mark Carney at the Bank of England
The City regulator has reported itself to Britain’s data watchdog after accidentally publishing personal details of people who had complained to it.
In a humiliating gaffe, the Financial Conduct Authority posted on its website the names, addresses and phone numbers of hundreds of people who had made accusations against it.
The blunder is highly embarrassing for the FCA’s chief executive Andrew Bailey who is set to become the Bank of England Governor on March 16.
This cache of data – a treasure trove of information for fraudsters – was published in November and left on its website for around three months.
It was only taken down in early February, when the regulator was alerted.
Around 1,600 people were affected, many of whom had accused the watchdog of failing to take action or spot problems.
Names and details were published and in hundreds of cases information such as addresses and phone numbers was disclosed. The FCA said it is contacting these people to apologise and tell them what information it has published.
Even the most basic personal data can be exploited by fraudsters to cold call people with scams. The FCA said no financial, payment card, passport details or other sensitive information was disclosed.
But the regulator, set up to protect consumers from conmen, faces a fine for being careless with personal details.
It has reported itself to the Information Commissioner’s Office (ICO), which has been given powers to impose swingeing fines of up to £17million, or 4 per cent of global turnover, for the worst offences.
It is not the first time this year the FCA has landed in hot water with a fellow watchdog. Last month it was fined by The Pensions Regulator for failing to provide sufficient information to workers about its pension scheme.
Big firms including British Airways, Dixons Carphone and Marriott hotels have been penalised by the ICO for failing to protect customers’ details from hackers.
The data was published by mistake in response to a freedom of information request on how many complaints were lodged about the FCA in 2018 and 2019, and what people were complaining about.
It received 1,739 complaints between January 2, 2018 and July 17, 2019, containing 2,539 allegations against the FCA. Of these, 780 accused it of ‘failure to act on information’ or ‘spot a problem’.
The majority – 610 – were about one firm which collapsed into administration. This is believed to be London Capital & Finance, which went bust in March last year, leaving more than 11,400 investors facing losses of £230million.
The FCA had been warned three years before the firm’s demise about the speculative investments offering high returns, and has been widely condemned for failing to step in to protect investors.
It is facing a Treasury-led probe into its handling of the collapse.
The ICO said: ‘People have the right to expect that organisations will handle their personal information securely and responsibly. Where that doesn’t happen, people can come to the ICO and we will look into the details.’
The FCA said: ‘As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable.’