The Financial Conduct Authority (FCA) has lost 323 electronic devices in the last three years, including 123 tablets and 68 laptops in the last year alone.
The devices lost over the last three years are estimated to be worth £310,600, according to official figures. The FCA, which operates independently from the UK government, is financed by charging fees to its members, and last November issued a warning to businesses to ‘be responsible when handling client data’.
The scale of the regulator’s device losses was obtained by Griffin Law, under the Freedom of Information Act. The firm’s enquiry found that hundreds of laptops, tablets, desktops and mobile phones were reported as lost or stolen by FCA staffers.
In the most recent financial year, overall lost devices surged by 369 per cent, with 197 devices being reported missing worth an estimated £193,400. This compares to losses of 42 devices in 2020 worth around £41,500 and 84 in 2019 worth an estimated £75,700.
Tablet computers topped the lost devices list, with 201 lost and 14 stolen across the three financial years, worth an estimated £215,000 in total. 123 of these devices were reported as lost or stolen in 2021.
Next was laptops, with 88 going missed over the combined period at a total cost of £88,000 – 68 of these incidents occurred in 2021.
Cyber expert and Absolute Software area vice president EMEA Edward Blake says: “Managing a large, distributed workforce is no easy task, particularly in the midst of a pandemic, and keeping tabs on valuable devices like laptops is growing increasingly difficult.
Under data protection rules, the FCA must report certain incidents to the Information Commissioner within 72 hours.
“If one of these lost devices ends up in the wrong hands, the FCA could be facing consequences far more severe than the cost to replace them. For example, sophisticated cyber criminals can steal the data contained on these devices, access more businesses files, or intercept emails between colleagues, for the purpose of data theft, monetary gain, high-profile scams, or ransomware.
“Therefore, it is more critical than ever to have a permanent digital connection to every endpoint, as well as the ability to lock, freeze or wipe the device if it is at risk of being compromised.”
Griffin Law founder Donal Blaney says: “The Information Commissioner needs to investigate the FCA over the loss of sensitive data on these laptops, phones and tablets. There can be no excuse for such carelessness by FCA staff with such expensive gadgets paid for by hard-working taxpayers”.
An FCA spokesperson says: “The FCA has strong security measures in place to ensure that data is protected in the event that a device is lost or stolen, including Bring Your Own Devices. We use encryption to protect information on FCA devices and two-factor authentication to ensure only authorised individuals can access the FCA’s network. We have clear processes to ensure losses are reported in a timely manner and access to the FCA network through that device is revoked remotely as soon as a loss is reported.
“Staff are also trained to not store sensitive data on their devices, to minimise the risk of data being exposed.”
