Aggregated News From Investment Management Regulators

FMA apologises for privacy breach

Report/Flag

Please complete the required fields.



Media release

MR No. 2019 – 58

7 November 2019

The FMA today apologised for a privacy breach that meant complaints documents sent to the regulator between 2015 and 2017 were potentially accessible via internet searches.

FMA Chief Executive Rob Everett said the issue was rectified immediately when the regulator became aware of it, and reassured the public that any information provided to the FMA was now held confidentially.

The FMA has identified six cases where sensitive personal information provided to the regulator may have been accessed.

The FMA has contacted the people involved to advise them of the issue and any further steps they should take to protect their information.

A preliminary review has identified 27 instances where documents that supported complaints were accessed by internet searches. The documents were inadvertently uploaded to a portal on the FMA website. Of these, six contained sensitive personal information such as financial information. The remaining documents were either already publicly available or did not include any sensitive personal information.

“We apologise to those people who supplied us with information and also to the wider public for this error. Their trust and confidence is critical to us,” said Mr Everett.

The FMA first learned of the issue following a media inquiry on 21 October. The regulator immediately shut down its website to ensure all information was protected. The website was restored on 23 October once the FMA had confirmed no further confidential information was at risk.

“Our immediate focus was to ensure our systems were secure and to protect people’s information,” said Mr Everett.

“We have reviewed what files were uploaded in this way, what information they contained and contacted those people whose sensitive personal information may have been accessed.

“We are working hard to ensure we get to the bottom of the issue.”

The issue relates to documents that were provided to the FMA several years ago, and the FMA is still investigating the circumstances. However, an initial review indicates that information supplied through an online complaints form between 2015 and 2017 flowed into a folder holding information to be uploaded to the FMA website.

At no point was the information ever linked to public content on the FMA website, nor could it be located by browsing the website.

All but two of the documents were accessed following a change in automated search algorithms on 30 September 2019. The FMA believes this is related to ordinary enhancements to search engine algorithms, which took place around that time.

The FMA has worked closely with the relevant government agencies and departments, and has engaged KPMG to assist in its investigations into the cause and extent of the incident.

Mr Everett said a full review of the issue would be conducted by an independent external party. 

As a precautionary step, the FMA has removed the ability to upload complaints information via the website.

Anyone with questions about information they have provided to the FMA should contact the regulator.

ENDS

Media contacts:

Louise Nicholson

Director, External Communications & Investor Capability

027 495 9366

[email protected]
Campbell Gibson

Senior Adviser, Media Relations

021 945 323

[email protected]

Regulator Information

Regulator Name: Financial Markets Authority
Abbreviation: FMA
Jurisdiction: New Zealand

Recent Articles

Ernesto A. Lanza Named Acting Director of SEC Office of Municipal Securities

Washington, D.C., Dec. 3, 2021 — The Securities and Exchange Commission today announced that Ernesto A. Lanza will serve as Acting Director of the Office of Municipal Securities (OMS). Mr.

Tender regarding the ‘Provision of services of two Office Admins/Telephone Operators

The Cyprus Securities and Exchange Commission (‘CySEC’) wishes to announce that it has issued the public Tender No. 19/2021 for the ‘Provision of services...

Nexus IFA (Clone of FCA Authorised Firm)

Fraudsters are using the details of firms we authorise to try to convince people that they work for a genuine, authorised firm. Find out...

Blanket Order 52-503 – Exemption from National Instrument 52-112 Non-GAAP and Other Financial Measures Disclosure

Regulated Industries FCNB is responsible for the regulation and enforcement of securities, insurance, pensions, credit unions, trust and loan companies, co-oper

Deutsche Wallet (Clone of FCA Authorised Firm)

Fraudsters are using the details of firms we authorise to try to convince people that they work for a genuine, authorised firm. Find out...

Get the latest from Regulatory.News in your inbox!

×