The UK’s financial services regulator, the Financial Conduct Authority (FCA), which regulates the conduct of financial businesses and markets, has admitted to exposing information in a data breach.
The breach, which took place in 2019 [1], leaked the names, addresses and phone number details of people who had made complaints against the FCA. The authority has admitted to making a mistake and has referred itself to the Information Commissioner’s Office.
What happened?
The problem occurred back in November last year when, in response to a freedom of information request about the nature and quantity of complaints it received, the FCA published a spreadsheet online. The data in the sheet contained around 1,600 names. It took the FCA until February this year to spot its error and re-secure the information.
In a statement [2] issued following the disclosure, the FCA has been keen to stress that no financial, payment or other information was included in the breach.
It said, “As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”
Where people have been affected by the breach, the FCA has said it will be contacting them with an apology and offering advice on what steps to take to safeguard themselves.
What can we learn from this?
This latest breach is just one of many around the world and goes to show that, despite the introduction of tougher legislation such as GDPR, even government organisations are not immune from careless handling of personal data.
The sheer volume of breaches in recent years means that many of us will have had at least some of our personal data leaked. So how should you respond if you think you’re affected? The first thing to do is understand what information is involved. Names and addresses, for example, are pretty widely available but they can still be used in searches to try to uncover more information.
Phone numbers are more problematic as they may lead to you being targeted by scam calls. Leaked email addresses may lead to you getting spam but, more seriously, they are likely to be used in ‘credential stuffing’ attacks, where stolen emails and passwords are tested against other sites.
This is why it’s important to use a different password on each site you visit and where possible enable two-factor authentication. You can check if your email address has been exposed at sites such as HaveIBeenPwned. [3] If you need help keeping track of passwords, then there are plenty of password manager programs available.
If your payment card or bank details have been exposed, then you should contact your bank for advice and keep an eye on your statements for any suspicious transactions. Provided that you have contacted the bank or card issuer, you should not be liable for fraudulent use. You should also sign up for a credit monitoring service; there are several free options available. This will alert you to any suspicious activity such as attempts to open other accounts in your name.
Of course, this isn’t just an issue for individuals. Businesses too can be compromised by having information exposed in data breaches. This can lead to financial loss or theft of intellectual property.
Even if the organisation involved in the breach says that the stolen data was encrypted, it’s still worth taking precautions. Full-on identity theft can take years to resolve, so it’s important to act quickly.
If you are worried about data breaches in your business or would like to review your current security measures, then give Cloudworks a call. We are specialists in cyber-security, cloud technologies and support. In addition, we continuously monitor our clients’ IT cloud infrastructure to ensure they are secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.
Call us on 0115 824 8244 or email info@cloudworks.co.uk
[1] https://betanews.com/2020/02/25/fca-data-breach/