Nutmeg data breach: Investment management firm emails personal information to wrong people

ICO decides not to take action after system glitch exposed investment suitability reports

Online investment management firm Nutmeg suffered a system glitch that enabled its customers to access to other clients' personal data, including names, addresses and investment details.

In a report by the Financial Times, Nutmeg said that a fault with the code running its service meant that the firm had emailed more than 30 investment suitability reports to the wrong people.

The incident occurred when the 32 clients were incorrectly placed in a group to receive messages from Nutmeg's email system, called Nutmail, thereby giving them access to other people's personal data.

Nutmeg has since spoken to all of those involved, including the 32 customers affected by the incident, and has reported itself to the Information Commissioner's Office (ICO). The ICO, which has been ruthless at giving out fines for other data protection breaches, is understood to have looked at the incident but has decided not take any further action.

"Due to a technical error on September 1, a small number of customer suitability reports were sent to the wrong people," said Nick Hungerford, chief executive of Nutmeg (pictured).

"This was identified and rectified immediately, and all customers affected were contacted directly to inform them of the issue and apologise," he added.

Hungerford said that the firm could "assure [its] customers [that] this will not happen again".

He added that it was the first time that this had happened to Nutmeg, but that since the breach it had implemented further development procedures and testing.