In a statement, the organisation said it mistakenly published details of 1,600 people who had filed complaints, some of which took aim at its poor communication skills and high fees.
The information exposed included names, physical addresses, and telephone numbers, though neither passport details nor financial information was compromised.
According to the FCA, which reported itself to the Information Commissioner's Office (ICO), the breach came about as a result of an error handling a Freedom of Information (FoI) request.
Also see: The Cyber Security Fight Won't Stop
“We have undertaken a full review to identify the extent of any information that may have been accessible,” it said in a statement. “Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”
The FCA said it has taken measures to ensure a breach of this kind does not recur, and added it is reaching out to victims to “apologise and advise them of the extent of the data disclosed and what the next steps might be”.
The Information Commissioner’s Office confirmed it had received the report and that it is currently analysing the situation. The FCA could receive a significant penalty as a result of the breach.