Jersey Islands finance regulator reports another data breach in 6 months

The Jersey Financial Services Commission (JFSC) has issued an apology for a data breach that affected 261 individuals. The breach, which occurred during routine registry system maintenance, made information from the 2021 Transition and Annual Confirmation form publicly accessible from 21 to 24 June 2024.

The breach resulted from an error during minor maintenance updates. A form that was supposed to remain non-public was mistakenly categorized as "public," leading to the unintentional exposure of sensitive information.

The data exposed includes information from the 2021 Transition and Annual Confirmation form. Specific data types varied depending on the role undertaken by each individual within the company.

After discovering the leak JFSC fix the issue and engaged with the Jersey Office of the Information Commissioner and notified the affected individuals.

The JFSC emphasized their commitment to maintaining the security and confidentiality of their registry system. They expressed regret over the incident and have conducted a thorough review to identify the root cause and prevent future occurrences. In their statement, the JFSC said: "Trust and confidence in the security and confidentiality of our registry system is a critical priority. We are sorry this issue occurred and have undertaken a thorough review to pinpoint the exact cause to ensure this does not happen again."

This breach marks the second data security incident for the JFSC in 2024. A previous breach in January exposed non-public names and addresses due to a system vulnerability that had persisted for three years, affecting nearly 67,000 individuals.

The JFSC states that the two incidents were unrelated.