7 Nov 2019

FMA admits privacy breach after documents 'inadvertently uploaded'

3:41 pm on 7 November 2019

The Financial Markets Authority (FMA) has admitted to a privacy breach which put sensitive personal information and evidence at risk.

man in dark room in front of computer screen, computer generic

Photo: Pixabay

The financial regulator has contacted some people who sent in complaints through its online system between 2015 and 2017, to notify them that their information may have accessed through internet searches.

"We apologise to those people who supplied us with information and also to the wider public for this error," FMA chief executive Rob Everett said.

"Their trust and confidence is critical to us."

A preliminary review of the FMA's systems found 27 instances where evidence provided to the regulator through an online form over a two-year period 'flowed through' to a folder of information to be uploaded to its website.

Six of those cases contained sensitive information that was not meant to be publicly available, including financial information.

"The documents were inadvertently uploaded to a portal on the FMA website," it said in a written statement.

"All but two of the documents were accessed following a change in automated search algorithms on 30 September 2019. The FMA believes this is related to ordinary enhancements to search engine algorithms, which took place around that time."

The regulator was notified of the breach on 21 October and immediately shut down its website, restoring it two days later.

"Our immediate focus was to ensure our systems were secure and to protect people's information," Mr Everett said.

"We are working hard to ensure we get to the bottom of the issue."

The regulator has notified the relevant government agencies and departments and hired the financial services firm KPMG to determine the cause and extent of the breach.