Sunday, December 22, 2024

Hundreds affected by data breach at JFSC

Must read

THE private information of 261 people held by Jersey’s financial services watchdog became publicly available for three days following an issue during system maintenance, it has emerged.

The Jersey Financial Services Commission confirmed yesterday afternoon that the flaw allowed public access to information on the 2021 Transition and Annual Confirmation form, some of which was non-public.

This comes four months after the “restricted data” of nearly 67,000 individuals held by the JFSC was able to be accessed owing to a system vulnerability dating back three years.

The regulator said that there was no connection between the two incidents.

The recent breach occurred from 21 to 24 June, following “an issue which inadvertently occurred during registry system maintenance”.

As part of a minor maintenance update, a form that should not have been publicly available was categorised as “public” in error.

It affected 261 people, according to the JFSC. The types of information that were accessible depended on the role undertaken by any individual in respect of the company, and each has been notified appropriately.

The financial services regulator confirmed that its assessment of registry-user activity over the impacted period was “normal and in line with expectations”.

In a statement yesterday, the JFSC said: “As soon as we became aware of this issue, we acted immediately and remedied the situation on the same day.

“We are engaged with the Jersey Office of the Information Commissioner.”

The regulator described the security and confidentiality of its registry system as a “critical priority”.

The statement continued: “We are sorry this issue occurred and have undertaken a thorough review to pinpoint the exact cause to ensure this does not happen again.

“We have written to those individuals affected and notified the relevant trust company businesses.”

Further information is available on the JFSC website.

Latest article