Bank of England audio leak followed 'exit of key cybersecurity staff'

Izzy Lyons
Bank of England - Bloomberg
Bank of England - Bloomberg

Senior cybersecurity workers left the Bank of England shortly before it suffered a major breach, according to reports. 

The Bank admitted late on Wednesday night that hedge funds had gained early access to its market-moving press conferences via a backup audio feed and investors could have used the advantage to profit.

An internal investigation was conducted at the Bank and the matter was then passed to the City watchdog the Financial Conduct Authority, which has confirmed it is investigating the issue.

Former unnamed employees have since come forward to warn that the Bank was struggling with the departure of key staff responsible for protecting it against external threats, according to The Observer.

Sources told the newspaper said at least 20 of the Bank’s staff tasked with information security had left or been reassigned elsewhere within the bank within the past year. 

The Bank’s chief information security officer and two deputies have left in the past year, the sources claimed. 

The allegation raises questions over the protection of the nation’s payment systems and other critical infrastructure vital to the British financial system.

Bank of England spokesperson said: “The recent incident was not a cyber security issue. It was a misuse of a back-up audio feed from the Bank’s press conferences by a third-party supplier, which the Bank has referred to the Financial Conduct Authority for further investigation.

"The Bank categorically rejects any suggestion that it has reduced the importance of its operational resilience.

"The Bank continues to operate the highest standard of information security and is confident in its ability to recognise cyber threats and defend its systems appropriately. Earlier this year, the Bank completed a review of its Central Services Target Operating Model. As part of the reorganisation, the responsibilities that were performed by the Bank’s Security and Privacy Division, were re-allocated across a number of different organisational areas including Technology, Security and Risk in order. This has strengthened the Bank’s governance and controls over all security risks. First line accountability for cyber risk was consolidated within Technology and separately, second line oversight of all security risks sits in the Bank’s independent Risk Directorate.”

The allegations come as the Bank prepares for the new governor, Andrew Bailey, the current chief executive of the Financial Conduct Authority, to take over from Mark Carney.

Multiple former employees told the Observer that the organisation is beset by budget cuts before Carney’s departure, against a backdrop of concerns over cost efficiency, and that there were problems with staffing given the departures and low staff morale.