AN investigation is under way after a data breach allowed tens of thousands of names and addresses on the Jersey Financial Services Commission registry to be accessed.
The JSFC says it has carried out an internal review into the incident, which affected almost 67,000 individuals, and the government has commissioned an independent investigation.
The flaw, which has now been rectified, dated back three years to when the system was first set up.
In a statement, the JFSC said: “On 23 January 2024 a vulnerability was detected in our registry system and we immediately took action to resolve the issue.
“This vulnerability allowed access to non-public names and addresses. It did not link any individuals to registered entities or roles held.
“We have separately written to certain individuals whose name and address was accessed and to whom we owe an obligation to communicate individually.
“We have conducted an initial forensic review with an independent cyber security partner. This review identified that the vulnerability was due to a misconfiguration in our third party-supplied registry system.
“We deeply regret this has occurred and are currently undertaking further investigations to determine how this happened.
“We have been working throughout with the Jersey Office of the Information Commissioner.”
External Relations Minister Ian Gorst, who has responsibility for financial services, said: “I am assured by the JFSC that they have resolved a vulnerability that has affected a limited number of entries in their online registry system.
“I am sorry that that this fault occurred, and I understand that the JFSC are conducting the most thorough of investigations to make sure lessons are learned and the design of the register is improved and strengthened.
“Further to this, I have commissioned an independent investigation to determine that the actions taken to date have been appropriate. I will not be making any further comment until this inquiry has been completed.”
