FoI reveals scale of financial data loss


The loss of a server containing details of five million consumer credit customers is among the data loss breaches reported to the FCA in the past year.

A Freedom of Information request submitted by Money Marketing reveals five instances of lost or stolen data which have been reported to the regulator in the past 12 months.

Due to FoI time limit constraints, the FCA only searched for incidents “in the areas of the FCA to which these losses are routinely notified”.

Incidents reported to the regulator include a consumer credit firm which lost in transit a server containing customer details, affecting 5 million people.

The regulator informed the Information Commissioner’s Office of the incident.

In another case, a bank lost a USB stick containing information relating to 33,000 customers.

In two incidents where the number of affected customers is not known, a bank’s third party payment system was hacked, and a non-life insurer reported the loss of customer call recordings.

Separately, a non-life insurer lost medical records relating to eight policyholders.

The FCA refused to confirm or deny whether any action was taken against any of the firms. director Gary Williams says: “Large financial services firms are still not taking appropriate steps to protect the personal data of their customers.

“The consequences of data being lost or stolen should not be underestimated. All data, including email addresses and mobile phone numbers, can be used to facilitate financial crime.”