FMA admits privacy breach

The Financial Markets Authority (FMA) has admitted to a privacy breach which put sensitive personal information and evidence at risk.

The financial regulator has contacted some people who sent in complaints through its online system between 2015 and 2017, to notify them that their information may have accessed through internet searches.

"We apologise to those people who supplied us with information and also to the wider public for this error," FMA chief executive Rob Everett said.

"Their trust and confidence is critical to us."

A preliminary review of the FMA's systems found 27 instances where evidence provided to the regulator through an online form over a two-year period 'flowed through' to a folder of information to be uploaded to its website.

Six of those cases contained sensitive information that was not meant to be publicly available, including financial information.

"The documents were inadvertently uploaded to a portal on the FMA website," it said in a written statement.

"All but two of the documents were accessed following a change in automated search algorithms on 30 September 2019. The FMA believes this is related to ordinary enhancements to search engine algorithms, which took place around that time."

The regulator was notified of the breach on 21 October and immediately shut down its website, restoring it two days later.

"Our immediate focus was to ensure our systems were secure and to protect people's information," Everett said.

"We are working hard to ensure we get to the bottom of the issue."

The regulator has notified the relevant government agencies and departments and hired the financial services firm KPMG to determine the cause and extent of the breach.

This article was originally published on RNZ and re-published with permission.

Help us create a sustainable future for independent local journalism

As New Zealand moves from crisis to recovery mode the need to support local industry has been brought into sharp relief.

As our journalists work to ask the hard questions about our recovery, we also look to you, our readers for support. Reader donations are critical to what we do. If you can help us, please click the button to ensure we can continue to provide quality independent journalism you can trust.


Newsroom does not allow comments directly on this website. We invite all readers who wish to discuss a story or leave a comment to visit us on Twitter or Facebook. We also welcome your news tips and feedback via email: Thank you.

With thanks to our partners