The Jersey Financial Services Commission recently experienced a data breach, compromising non-public names and addresses. The breach stemmed from a detected vulnerability in the organization’s Registry system, which was identified on January 23rd. While the leak did not link individuals to registered entities or roles, the Commission promptly notified those affected and initiated further investigations to determine the root cause.
An initial forensic review pointed to a misconfiguration in the third-party-supplied Registry system as the cause of the breach. The Commission expressed deep regret over the incident and emphasized ongoing efforts to understand how it occurred. Collaborating with the Jersey Office of the Information Commissioner, the Commission is committed to ensuring lessons are learned and implementing improved security measures.
Deputy Ian Gorst, overseeing financial services, acknowledged the breach’s impact on a limited number of entries in the system. He apologized for the fault and stressed the Commission’s commitment to conducting thorough investigations for learning and improvement. Additionally, an independent inquiry has been commissioned to assess the adequacy of actions taken so far and to enhance the Register’s design and security.
