The FCA, the authority that regulates UK banking and financial services, has this week admitted to accidentally leaking the private data of around 1600 people who complained against the regulator.

In a document on its website, the FCA published names, phone numbers and addresses in response to a freedom of information request in November 2019. No other data like financial information or passport info was included, however. The private data belonged to those who complained against the FCA between January 2018 and July 2019.

The FCA has admitted to the leak and apologised, and intends to address each person whose data was revealed and apologise to each in writing. It has referred itself to the Information Commissioner’s Office (ICO) and can likely expect a fine for the data breach.

On the back of this news, Andy Barratt, UK MD at international cybersecurity consultancy Coalfire, told Finance Monthly: “The question on a lot of people’s minds will be how does the ICO respond to a data breach at a fellow regulator.

“Together, the ICO and FCA enforce some of the largest monetary penalties for data breaches and there could be cries of foul-play if one’s punishment of the other appears to be a light touch.

“While many will see this as embarrassing for the FCA, it now has a real opportunity to go through the same pain as those it regulates and learn from it.

“Human error is, to an extent, unavoidable and it will be interesting to see whether the FCA better empathises with those it polices in future.”