Article by Adam Williams – The Telegraph
Experts believe the Financial Conduct Authority will be hit with a major fine after personal details were exposed
Leading Brexiteer Arron Banks is among hundreds of people whose private records were wrongly published by the City watchdog in a major data breach.
Mr Banks was one of 1,600 members of the public whose details were mistakenly released on the website of the Financial Conduct Authority (FCA) after they made a complaint to the regulator. In some cases the FCA even included addresses and telephone numbers.
The fiasco has left the watchdog facing accusations of hypocrisy and the threat of a hefty fine, and piles further pressure on its boss Andrew Bailey as he prepares to become Governor of the Bank of England.
FCA chiefs rushed out a press release admitting their error after being contacted about it by the Telegraph.
Information seen by this newspaper shows that Mr Banks’s details were among those made public. The 53-year-old was a key backer of Nigel Farage before the European Union referendum and helped bankroll his campaign for Leave.
On Tuesday night, Mr Banks said: “The regulators don’t hire the brightest and the best, do they?
“This is an area the FCA takes seriously among the firms it regulates, so it’s disappointing to see this happen.
“There are meant to be protocols about how data is handled and clearly the FCA staff have busted them.”
The FCA has reported itself to the Information Commissioner’s Office (ICO) over the mistake, in which complainants’ records were released online between November 2019 and February 2020.
If found to have broken data protection rules, it could be fined as much as €20m (£16.7m).
This information published included the name of the complainant, the company they represented and the status of the complaint, as well as addresses and phone numbers in some instances.
Those who had the most significant personal data published will be contacted directly by the regulator.
Malcolm Taylor, a cyber security expert at ITC Secure who previously worked for GCHQ, said: “Most breaches are unintentional, but that does not make it any less significant.
“A breach is a breach. This is embarrassing.”
Mr Taylor said it is “slightly odd” that the regulator has decided not to contact all 1,600 people affected. Other organisations which had suffered similar breaches have offered identity monitoring services to victims to ensure their data is not used for nefarious purposes.
The FCA may yet be ordered to offer such redress by the Information Commissioner, Mr Taylor said, and is also likely to receive a large fine if found to have behaved wrongly.
Last year British Airways was fined £183m after hackers were able to access the personal details of 500,000 people.
In a statement, the watchdog said: “The publication of this information was a mistake by the FCA.
“As soon as we became aware of this, we removed the relevant data from our website.
“We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”
The regulator said that no financial information was leaked and that immediate action has been taken to ensure another breach does not occur.
However, the data breach is the latest embarrassment to damage the reputation of the regulator, which is responsible for upholding high standards in the City and frequently fines banks and other firms multi-million pound sums for breaking its rules.
The reign of Mr Bailey, who will leave to become Governor of the Bank of England next month, has been blighted by scandal.
On Tuesday City campaigner Gina Miller released a report which highlighted the failures that have occurred on Mr Bailey’s watch, including the collapse of “mini-bond” firm London Capital & Finance and the lack of action taken against failed fund manager Neil Woodford.
The report was backed by Shadow Chancellor John McDonnell, Conservative MP Kevin Hollinrake and former Lib Dem business secretary Vince Cable. Mrs Miller called on new Chancellor Rishi Sunak to reconsider Mr Bailey’s appointment as head of the Bank.
Mrs Miller called his promotion “a textbook example of rewarding failure”. The regulator rubbished Mrs Miller’s report. A spokesman said: “We utterly reject these claims.”