Select a region
The "non-public information" of 261 individuals held by Jersey's financial services watchdog became publicly available for three days following an issue during system maintenance, it has emerged today.
The Jersey Financial Services Commission confirmed this afternoon that the flaw allowed public access to information on the 2021 Transition and Annual Confirmation form – some of which was "non-public".
It comes just four months after the "restricted data" of nearly 67,000 individuals held by the JFSC was able to be accessed due to a system vulnerability dating back three years.
The regulator confirmed today that there is no connection between the two incidents.
Pictured: In March, another JFSC system flaw allowed public access to a confidential register containing the names and addresses of 66,806 individuals associated with finance companies.
The recent breach occurred from 21 to 24 June, following "an issue which inadvertently occurred during registry system maintenance".
As part of a minor maintenance update, a form that should not have been publicly available was categorised as ‘public’ in error.
It affected 261 people, according to the JFSC.
The types of information that were accessible depended on the role undertaken by any individual in respect of the company, and each individual has been notified appropriately.
The financial services regulator confirmed that its assessment of registry user activity over the impacted period was "normal and in line with expectations".
In a statement this afternoon, the JFSC said: "As soon as we became aware of this issue, we acted immediately and remedied the situation on the same day.
"We are engaged with the Jersey Office of the Information Commissioner."
The regulator described the security and confidentiality of its registry system as a "critical priority".
The statement continued: "We are sorry this issue occurred and have undertaken a thorough review to pinpoint the exact cause to ensure this does not happen again.
"We have written to those individuals affected and notified the relevant Trust Company Businesses."
Further information is available on the JFSC website.
The findings of the independent investigation instigated after the registry system vulnerability reported in March are due later this summer.
Comments
Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.