Information on FCA Data Breaches - April 2023


Reference Case Number: FOI10119

Freedom of Information: Right to know request:

Under the Freedom of Information Act 2000 and in reference to IRQ0784316, I would like to know the following: 

  • The total number of reports of data breaches submitted to the FCA 
     
  • A breakdown of data breaches by industry sector  

I would like the data broken down for each of the last three years with a year-end date of December 31. If you cannot provide data for this year end date, then please provide data for whichever year-end is used internally.   
If you cannot provide data for each of the last three years, then please provide data for each of the last two years. If you cannot provide data for each of the last two years, then please provide data for the last year. 

FCA response:

Before considering your request, it may be helpful to know that we define ‘data breach’ as ‘a confirmed incident in which the confidentiality of company or personal data is compromised or breached’.  This does not mean that in every case personal/company data was exfiltrated/stolen.

Additionally, in relation to personal data, the Information Commissioner's Office (the ICO) is the UK’s regulatory authority responsible for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Data Protection Act 2018 (DPA 2018) and General Data Protection Regulation (GDPR) do not require firms to report personal data breaches or compromises to the FCA; however, firms should consider reporting material operational incidents to us pursuant to the general notification requirements contained in SUP 15.R of the FCA Handbook. We are not required to report personal data breaches or compromises regarding firms to the ICO; this is the responsibility of the firms.

The table below is the breakdown of reported data breaches made by firms by year and sector during the period of 1 January to 31 December 2022; this is based on the date of the notification made to the FCA, not the date on which the incident took place. Sectors listed are as defined in the FCA’s 2019 sector views published on our website. The data is correct as of 29 March 2023 and is subject to change.

 

 

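| Year | General Insurance and Protection | Investment Management | Pensions & Retirement Income | Retail Banking and Payments | Retail Investments | Retail Lending | Wholesale Financial Markets | Grand Total |
|---|---|---|---|---|---|---|---|---|
| 2020 | 12 | 8 | 10 | 14 | 7 | 13 | 15 | 79 |
| 2021 | 11 | 10 | 2 | 11 | 6 | 5 | 11 | 56 |
| 2022 | 9 | 5 | 1 | 4 | 5 | 6 | 4 | 34 |
| Total | 32 | 23 | 13 | 29 | 18 | 24 | 30 | 169 |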