logo-loader

Equifax fined £500,000 over cyber attack that affected 15mln UK customers

Published: 09:29 20 Sep 2018 BST

Equifax
Equifax says it has taken steps to avoid another data breach

Credit rating agency Equifax has been fined £500,000 by the UK regulator for failing to protect 15 million Britons whose personal details were stolen in a data breach last year.

A cyber attack hit Equifax in the US between May 13 and July 30 last year, exposing the records of 146 million people worldwide, mainly in the US. Personal details that were stolen included names, dates of birth, telephone numbers and driving licence numbers.

READ: Number of people affected by Equifax’s massive 2017 data breach rises to 147.9mln

Britain’s Information Commissioner's Office (ICO), which issued the fine, said Equifax’s UK branch had “failed to take appropriate steps" to protect citizens' data. The ICO said “multiple failures" meant personal information had been kept longer than necessary and left vulnerable.

Equifax had initially said fewer than 400,000 Britons had their data exposed in the breach. However, the company later updated the figure to nearly 700,000 and in October it said a further 14.5mln records were affected by the breach.

READ: Equifax confirms more than 15mln UK customer records hacked in last month’s massive cyber attack

ICO says Equifax failed to act on US government warning

Ahead of the hack, the US government had warned Equifax in March 2017 that its systems were vulnerable.

The ICO, which teamed up with the Financial Conduct Authority to investigate the cyber attack, said the company did not take the appropriate steps to fix the vulnerability.

"The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce," said information commissioner Elizabeth Denham.

"This is compounded when the company is a global firm whose business relies on personal data."

Equifax apologises to customers 

Equifax said it was "disappointed" in ICO's findings and the penalty.

A spokesperson for the firm said: "As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect.

"The criminal cyber-attack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk."

HANetf founder and co-CEO discusses shift to active management in ETF market

HANetf founder and co-CEO Hector McNeil tells Proactive's Stephen Gunnion about shifting trends in the exchange-traded fund (ETF) market in the United States, indicating a big move towards active management within ETFs. Despite the European market lagging behind the US by three to five years,...

13 hours, 9 minutes ago