FCA loses 323 electronic devices worth over £300,000

Details of the device losses was obtained by Griffin Law using the Freedom of Information Act. The FOI revealed that over the three most recent financial years (FY 18/19, 19/21 and 20/21) hundreds of laptops, tablets, desktops and mobile phones were reported as lost or stolen by FCA staffers.

In the most recent financial year, overall lost devices increased by 369%, with 197 devices being reported missing worth an estimated £193,400. This compares to losses of 42 devices in 2020 worth around £41,500 and 84 in 2019 worth an estimated £75,700.

Tablet computers topped the lost devices list, with 201 lost and 14 stolen across the three financial years, worth an estimated £215,000 in total. 123 of these devices were reported as lost or stolen in 2021.

Next was laptops, with 88 going missed over the combined period at a total cost of £88,000 – 68 of these incidents occurred in 2021.

Last November, the FCA issued a warning to businesses to ‘be responsible when handling client data’.

Donal Blaney, founder of Griffin Law, said: “The Information Commissioner needs to investigate the FCA over the loss of sensitive data on these laptops, phones and tablets. There can be no excuse for such carelessness by FCA staff with such expensive gadgets paid for by hard-working taxpayers.”

Edward Blake, cyber expert and area vice president at Absolute Software commented: “Managing a large, distributed workforce is no easy task, particularly in the midst of a pandemic, and keeping tabs on valuable devices like laptops is growing increasingly difficult.

“If one of these lost devices ends up in the wrong hands, the FCA could be facing consequences far more severe than the cost to replace them. For example, sophisticated cyber criminals can steal the data contained on these devices, access more businesses files, or intercept emails between colleagues, for the purpose of data theft, monetary gain, high-profile scams, or ransomware.

“Therefore, it is more critical than ever to have a permanent digital connection to every endpoint, as well as the ability to lock, freeze or wipe the device if it is at risk of being compromised.”

A spokesperson for the FCA commented: “The FCA has strong security measures in place to ensure that data is protected in the event that a device is lost or stolen, including Bring Your Own Devices. We use encryption to protect information on FCA devices and two-factor authentication to ensure only authorised individuals can access the FCA’s network. We have clear processes to ensure losses are reported in a timely manner and access to the FCA network through that device is revoked remotely as soon as a loss is reported.

“Staff are also trained to not store sensitive data on their devices, to minimise the risk of data being exposed.”