Proactive Investors - Run By Investors For Investors

Equifax fined £500,000 over cyber attack that affected 15mln UK customers

Equifax said it was "disappointed in the findings and the penalty".
Equifax says it has taken steps to avoid another data breach

Credit rating agency Equifax has been fined £500,000 by the UK regulator for failing to protect 15 million Britons whose personal details were stolen in a data breach last year.

A cyber attack hit Equifax in the US between May 13 and July 30 last year, exposing the records of 146 million people worldwide, mainly in the US. Personal details that were stolen included names, dates of birth, telephone numbers and driving licence numbers.

READ: Number of people affected by Equifax’s massive 2017 data breach rises to 147.9mln

Britain’s Information Commissioner's Office (ICO), which issued the fine, said Equifax’s UK branch had “failed to take appropriate steps" to protect citizens' data. The ICO said “multiple failures" meant personal information had been kept longer than necessary and left vulnerable.

Equifax had initially said fewer than 400,000 Britons had their data exposed in the breach. However, the company later updated the figure to nearly 700,000 and in October it said a further 14.5mln records were affected by the breach.

READ: Equifax confirms more than 15mln UK customer records hacked in last month’s massive cyber attack

ICO says Equifax failed to act on US government warning

Ahead of the hack, the US government had warned Equifax in March 2017 that its systems were vulnerable.

The ICO, which teamed up with the Financial Conduct Authority to investigate the cyber attack, said the company did not take the appropriate steps to fix the vulnerability.

"The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce," said information commissioner Elizabeth Denham.

"This is compounded when the company is a global firm whose business relies on personal data."

Equifax apologises to customers 

Equifax said it was "disappointed" in ICO's findings and the penalty.

A spokesperson for the firm said: "As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect.

"The criminal cyber-attack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk."

View full EFX profile View Profile

Equifax Timeline

Related Articles

Wind turbines
November 06 2018
Formerly known as Strat Aero, the company is now focusing squarely on remote monitoring of rotating shafts after acquiring a controlling stake in software firm GyroMetric
credit cards
July 08 2018
The group is already seeing good progress at its US contact centre business
Drilling rig
January 10 2019
Since its first half results in August, the drilling services firm has secured two key contract extensions as well as a new delineation drilling contract in Côte d'Ivoire
Copyright ©, 2019. All Rights Reserved - Proactive Investors North America Inc., Proactive Investors LLC

Market Indices, Commodities and Regulatory News Headlines copyright © Morningstar. Data delayed 15 minutes unless otherwise indicated. Terms of use