The Jersey Financial Services Commission (JFSC) is grappling with a data breach, confirmed on March 7, which has exposed non-public names and addresses. Originating from a vulnerability detected in the registry system on January 23, 2024, the JFSC swiftly responded by collaborating with an independent cybersecurity partner for a forensic review. The investigation revealed a misconfiguration in the third-party-supplied registry system as the root cause of the breach.
Jersey Finance, the promotional body for Jersey’s financial center, chose not to comment, and inquiries to the Cyber Security Centre for Jersey and the Jersey Office of the Information Commissioner were met with silence. The JFSC, having previously cautioned financial services firms in the jurisdiction to enhance cybersecurity checks, assured that its corporate network remained uncompromised. However, the breach exposed the names and addresses of 66,806 individuals not publicly available on the register. The regulator promptly communicated with over 2,400 affected individuals.
In response to the breach, the JFSC reiterated its commitment to implementing robust controls to safeguard information. Recognizing the impossibility of eliminating all risks, the regulator remains dedicated to preventing data compromise while navigating an environment marked by increased malicious incidents following Russia’s invasion of Ukraine.
