Sign up USA
Proactive Investors - Run By Investors For Investors

Equifax fined £500,000 over cyber attack that affected 15mln UK customers

Equifax said it was "disappointed in the findings and the penalty".
Equifax says it has taken steps to avoid another data breach

Credit rating agency Equifax has been fined £500,000 by the UK regulator for failing to protect 15 million Britons whose personal details were stolen in a data breach last year.

A cyber attack hit Equifax in the US between May 13 and July 30 last year, exposing the records of 146 million people worldwide, mainly in the US. Personal details that were stolen included names, dates of birth, telephone numbers and driving licence numbers.

READ: Number of people affected by Equifax’s massive 2017 data breach rises to 147.9mln

Britain’s Information Commissioner's Office (ICO), which issued the fine, said Equifax’s UK branch had “failed to take appropriate steps" to protect citizens' data. The ICO said “multiple failures" meant personal information had been kept longer than necessary and left vulnerable.

Equifax had initially said fewer than 400,000 Britons had their data exposed in the breach. However, the company later updated the figure to nearly 700,000 and in October it said a further 14.5mln records were affected by the breach.

READ: Equifax confirms more than 15mln UK customer records hacked in last month’s massive cyber attack

ICO says Equifax failed to act on US government warning

Ahead of the hack, the US government had warned Equifax in March 2017 that its systems were vulnerable.

The ICO, which teamed up with the Financial Conduct Authority to investigate the cyber attack, said the company did not take the appropriate steps to fix the vulnerability.

"The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce," said information commissioner Elizabeth Denham.

"This is compounded when the company is a global firm whose business relies on personal data."

Equifax apologises to customers 

Equifax said it was "disappointed" in ICO's findings and the penalty.

A spokesperson for the firm said: "As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect.

"The criminal cyber-attack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk."

View full EFX profile View Profile

Equifax Timeline

Related Articles

credit cards
July 08 2018
The group is already seeing good progress at its US contact centre business
Intellectual property sign
April 11 2018
The AIM-listed intellectual property group’s investments were worth £8mln as at the end of December 2017, helped by the additions of The Vaccine Group and water pollution tester Molendotech
The river Thames
June 08 2018
No longer focused so much on drone technology, the high-tech survey and inspection specialist is so changed that it probably should change its name but management would rather spend the money growing the business
Copyright ©, 2018. All Rights Reserved - Proactive Investors North America Inc., Proactive Investors LLC

Market Indices, Commodities and Regulatory News Headlines copyright © Morningstar. Data delayed 15 minutes unless otherwise indicated. Terms of use