LinkedPrime
Jobs
Technology

“No evidence” leaked data used to detriment of 67k people impacted

THERE is no evidence that the personal information of nearly 67,000 individual put at risk by the Island’s financial services watchdog was used maliciously, according to the data protection regulator. The Jersey Office of the Information Commissioner yesterday concluded its investigation into a three-year data breach by Jersey Financial Services Commission. The issue first came to light in March 2024, when it emerged that the flaw allowed public access to a confidential register containing the names and addresses of 66,806 individuals associated with finance companies. This included beneficial owners, controllers, directors, members, nominated persons, and company secretaries. The vulnerability in the system dated back to 2021 when the registry was implemented, meaning the restricted personal information was open to the public for three years. But now, following a full investigation by the data protection watchdog, it this week emerged that the JFSC will not be fined for the breach. In a statement published yesterday, the JOIC concluded that the nature of the breach would have warranted initiating the process to consider an administrative fine but, “as public authorities are not subject to such fines under the current framework, no further consideration was given to this”. The data protection regulator also confirmed that there was no evidence that the personal information had been used to the detriment of those impacted by the breach, and no complaints had been received from individuals affected. The JFSC co-operated fully with the inquiry and “made full and frank admissions as to the shortcomings in various areas that led to system vulnerability”, the statement said. The JOIC therefore concluded that it was “satisfied that there is little risk to individuals regarding a re-occurrence of these vulnerabilities in system security”. In a statement posted online, the JFSC said it was “deeply sorry this data breach occurred”, and fully accepted the JOIC’s findings. The statement continued: “Together with a forensic review, we commissioned an independent third-party root cause analysis. All actions arising from this analysis have been completed, and we worked closely with JOIC throughout this process. “We appreciate JOIC’s recognition of the steps we have taken to address the issues identified, and we remain committed to maintaining and enhancing the technical and organisational measures necessary to ensure the continued protection of data. “We are grateful to JOIC for their engagement and guidance throughout this process, and to our wider stakeholder community. “We will continue to embrace best practice to protect stakeholder data and Jersey’s reputation as a leading international finance centre.”

Christie Bailey,Jersey Financial Services
“No evidence” leaked data used to detriment of 67k people impacted

THERE is no evidence that the personal information of nearly 67,000 individual put at risk by the Island’s financial services watchdog was used maliciously, according to the data protection regulator.

The Jersey Office of the Information Commissioner yesterday concluded its investigation into a three-year data breach by Jersey Financial Services Commission.

The issue first came to light in March 2024, when it emerged that the flaw allowed public access to a confidential register containing the names and addresses of 66,806 individuals associated with finance companies.

This included beneficial owners, controllers, directors, members, nominated persons, and company secretaries.

The vulnerability in the system dated back to 2021 when the registry was implemented, meaning the restricted personal information was open to the public for three years.

But now, following a full investigation by the data protection watchdog, it this week emerged that the JFSC will not be fined for the breach.

In a statement published yesterday, the JOIC concluded that the nature of the breach would have warranted initiating the process to consider an administrative fine but, “as public authorities are not subject to such fines under the current framework, no further consideration was given to this”.

The data protection regulator also confirmed that there was no evidence that the personal information had been used to the detriment of those impacted by the breach, and no complaints had been received from individuals affected.

The JFSC co-operated fully with the inquiry and “made full and frank admissions as to the shortcomings in various areas that led to system vulnerability”, the statement said.

The JOIC therefore concluded that it was “satisfied that there is little risk to individuals regarding a re-occurrence of these vulnerabilities in system security”.

In a statement posted online, the JFSC said it was “deeply sorry this data breach occurred”, and fully accepted the JOIC’s findings.

The statement continued: “Together with a forensic review, we commissioned an independent third-party root cause analysis. All actions arising from this analysis have been completed, and we worked closely with JOIC throughout this process.

“We appreciate JOIC’s recognition of the steps we have taken to address the issues identified, and we remain committed to maintaining and enhancing the technical and organisational measures necessary to ensure the continued protection of data.

“We are grateful to JOIC for their engagement and guidance throughout this process, and to our wider stakeholder community.

“We will continue to embrace best practice to protect stakeholder data and Jersey’s reputation as a leading international finance centre.”

Read original article →

Related Articles