惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
小众软件
小众软件
J
Java Code Geeks
V
Visual Studio Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
美团技术团队
阮一峰的网络日志
阮一峰的网络日志
V
V2EX
博客园 - 叶小钗
N
Netflix TechBlog - Medium
月光博客
月光博客
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hacker News - Newest:
Hacker News - Newest: "LLM"
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
The Last Watchdog
The Last Watchdog
T
Threatpost
I
Intezer
T
Tenable Blog
L
LINUX DO - 热门话题
T
Tailwind CSS Blog
Scott Helme
Scott Helme
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
Engineering at Meta
Engineering at Meta
S
Schneier on Security
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Fortinet All Blogs
腾讯CDC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
量子位
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
人人都是产品经理
人人都是产品经理
博客园 - 【当耐特】
博客园 - Franky
www.infosecurity-magazine.com
www.infosecurity-magazine.com

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
FCA warned four staffers who pocketed regulator data
Connor Jones Connor Jones · 2025-06-13 · via The Register - Security: CSO

CSO

Slapped wrists for Financial Conduct Authority staff who emailed work data home

It was one of the offenders' final warning

Four staffers at the UK's Financial Conduct Authority (FCA) were let off with warnings over separate cases involving the transmission of regulator data to their personal email accounts.

Three of the employees at the authority received their first written warning for emailing unspecified data, according to a Freedom of Information Act (FoI) request. The financial watchdog looks after vast amounts of data, including complaints against companies. It also regulates when organizations in the finance sector suffer data breaches, and fined credit reference agency Equifax £11 million ($15.7 million) for an incident that put millions of UK consumers at risk of financial crime.

The fourth staffer is already on their "final written warning" for emailing FCA data to themselves, which the body said violates its systems' acceptable use policy.

The cases took place in the 2022/23 financial year, and details of a possible fifth violation were included in the FCA's response, although they were withheld under section 40 of the FoI Act. 

Section 40 exemptions come into play when disclosing information pertinent to the request would likely lead to the identification of the individual at fault. No similar incidents were identified in the financial years since.

The FCA, which employs more than 5,000 people, did not specify the nature of the data transmitted to personal email accounts or its size, although The Register asked it for clarity on the matter.

An FCA spokesperson provided a statement but did not comment on the nature of the data involved in these cases.

They said: "We take any breaches of our email security policies seriously and have systems and controls in place to manage breaches of email security. Breaches can and do result in an investigation and can lead to disciplinary sanctions.

"We have had no such incidents which required disciplinary sanctions in the years 2023/24 and 2024/25."

The regulator is responsible for overseeing the UK's financial services industry, and one of its responsibilities is to investigate data mishaps such as those caused by its own staff within organizations under its remit.

Like the Information Commissioner's Office (ICO), it has the power to issue punishments such as fines and other sanctions when organizations violate its rules.

Years before these data incidents took place, the regulator was forced to own up to a separate blunder involving the accidental leak of data related to people who filed complaints against it.

Around 1,600 complainants had their personal information, including names, addresses, and phone numbers, included in an FoI response uploaded to its website back in 2020.

Since then, several other UK public sector organizations have confirmed breaches via similar means.

Southend-on-Sea City Council, Suffolk and Norfolk police, and the infamous Police Service of Northern Ireland (PSNI) breaches all stemmed from mishandling FoI responses, with the latter proving especially concerning for those involved.

Commenting on the news of the FCA's four written warnings, Patrick Sullivan, CEO at the Parliament Street think tank, called the conduct involved "reckless and irresponsible," and called on the regulator to improve its data protection policies.

Andy Ward, SVP international at Absolute Security, said: "The FCA is tasked with managing extremely sensitive data, and the use of personal email accounts greatly increases the likelihood of a major security breach.

"Against the backdrop of several high profile cyberattacks, it's vital that all organizations wake up to the very real threat posed by unprotected devices and IT systems, and ensure cyber resilience is at the top of the boardroom agenda."

Arkadiy Ukolov, co-founder and CEO at Ulla Technology, said the scale of these offenses extends far beyond the small number at the FCA – tens of thousands of employees are sharing corporate information across personal email and AI assistants "every day."

"The reality is that most companies have no idea this is happening or the security risks involved," he added. "That's why it's crucial that robust policies and procedures are put in place, so all information can only be shared through secure channels." ®