The Jersey Financial Services Commission said last week that on 23 January 2024 "a vulnerability was detected in our Registry system".
The island regulator said it conducted an initial forensic review with an independent cyber security partner, which identified that the vulnerability was due to a misconfiguration in its third party-supplied Registry system, which had been implemented in January 2021.
"This vulnerability allowed access to non-public names and addresses. It did not link any individuals to registered entities or roles held.
"We immediately took action to resolve the issue and have separately written to certain individuals whose name and address was accessed and to whom we owe an obligation to communicate individually.
"We deeply regret this has occurred and are currently undertaking further investigations to determine how this happened. We have been working throughout with the Jersey Office of the Information Commissioner."
