The U.K.’s Financial Conduct Authority (FCA) apologized after it accidentally exposed the confidential details of around 1,600 consumers who complained against it, in response to a Freedom of Information (FoI) request for data. In an official notice, the regulator stated that certain underlying classified information like names, addresses, and phone numbers of complainants may have been accessible on its website. However, the company clarified that no financial, payment card, passport or other identity information were exposed in the incident.
According to FCA, the exposed information is related to the individuals who complained between January 02, 2018, and July 17, 2019. FCA removed the relevant data from its website immediately after noticing the breach. “We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data,” FCA said in a statement.
The regulator is reaching out to apologize the affected users and advise them of the extent of the data disclosed. It also reported the incident to the U.K.’s data privacy watchdog – the Information Commissioner’s Office.
Lack of Cyber Readiness Among U.K. Businesses
According to a survey from data security firm Clearswift, around 70% of financial firms in the U.K. reported security incidents in 2019, in which half of the incidents occurred due to internal errors. The research, which surveyed 100 senior business decision-makers from financial organizations in the U.K., highlighted that most of the attacks have originated due to employees who failed to follow proper data protection policies. Apart from employees’ errors, the survey also revealed other reasons that led to attacks, including downloads of malware or viruses from third-party devices like USBs, and file transfers to unsecured sources.
Rising Cyberattacks on U.K. Businesses
A research from business and financial adviser Grant Thornton UK LLP discovered that cyberattacks are a present danger for businesses in the U.K. The research report, “Cybersecurity – the Board Report”, stated that the businesses are not prepared to manage the cyber risks. It also revealed that the mid-market businesses in the U.K. have lost around £30 billion (US$37 billion) in 2019 due to security breaches. Grant Thornton stated they surveyed over 500 U.K. mid-market companies, in which half of them reported losses of up to 10% of their income over cyberattacks.