Friday 22 November 2024
Select a region
News

Nearly 67k individuals' private data breached due to JFSC system flaw

Nearly 67k individuals' private data breached due to JFSC system flaw

Thursday 07 March 2024

Nearly 67k individuals' private data breached due to JFSC system flaw

Thursday 07 March 2024


The "restricted data" of nearly 67,000 individuals held by Jersey's financial services watchdog was able to be accessed due to a system flaw dating back three years, it has emerged today.

The Jersey Financial Services Commission confirmed this afternoon that the flaw allowed public access to a confidential register containing the names and addresses of 66,806 individuals associated with finance companies.

This included beneficial owners, controllers, directors, members, nominated persons, and company secretaries.

The vulnerability in the system dates back to 2021 when the registry was implemented, the JFSC confirmed, meaning the restricted personal information has been open to the public for the past three years. The JFSC clarified that the data did not link individuals to specific entities or roles.

aa40bd6c3412989a2b1a86eeb2b9c136_f5246.jpg

Pictured: The JFSC confirmed that the vulnerability in the system dates back to 2021 when the registry was implemented.

The JFSC first learned of the issue on 23 January and said that "an immediate fix was implemented within the hour of our becoming aware of the issue, and a permanent remedy issued by the software provider was then deployed". It has since been working with the Office of the Information Commissioner.

The regulator said that it was not possible to say "with certainty" who had accessed the data because this was done via a public API.

The JFSC wrote to only 2,477 of the 66,806 affected individuals because this was the number of people they were legally obligated to inform. 

In a statement, the JFSC said: “We deeply regret this has occurred and are currently undertaking further investigations to determine how this happened.

“We understand that no data compromise is acceptable, and we work hard to ensure controls are in place to protect the information we hold.”

Ian_Gorst_in_office.JPG

Pictured: Deputy Ian Gorst said that he had commissioned an independent investigation to determine that the actions taken to date have been appropriate.

The Minister with responsibility for Financial Services, Deputy Ian Gorst said: “I am assured by the JFSC that they have resolved a vulnerability that has affected a limited number of entries in their online Registry system.

“I am sorry that that this fault occurred, and I understand that the JFSC are conducting the most thorough of investigations to make sure lessons are learned and the design of the Register is improved and strengthened.

“Further to this, I have commissioned an independent investigation to determine that the actions taken to date have been appropriate. I will not be making any further comment until this inquiry has been completed.”

The JFSC said they will regularly update their website with information and will commission an independent review. 

Those who have been affected can contact the financial services regulator on: query@jerseyfsc.org.

Follow Express for updates...

Sign up to newsletter

 

Comments

Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.

You have landed on the Bailiwick Express website, however it appears you are based in . Would you like to stay on the site, or visit the site?