Equifax UK Fined for 2017 Data Breach
No attachments for this post
The UK's Financial Conduct Authority (FCA) has imposed a fine of over £11 million on Equifax Ltd, the British subsidiary of credit reporting giant Equifax Inc, due to their role in the 2017 data breach that affected 147 million individuals, including 13.8 million from the UK.
This breach, which started on May 13, 2017, and went unnoticed until July 29, 2017, was attributed to the unauthorized access by hackers, with four members of China's People’s Liberation Army indicted in 2020 by the US for the cyberattack.
Equifax formally reported the incident on September 7, a substantial time after its detection. The subsequent investigation by FCA, starting October 2017, revealed that Equifax Ltd did not effectively oversee the security of the UK customer data it had sent to its US parent company. Consequently, critical personal data, including names, addresses, partial credit card details, and more, were exposed.
The FCA stated that the breach was avoidable. It criticized Equifax for not recognizing its relationship with its US parent as outsourcing, thus neglecting proper data management and protection. The agency also emphasized that the company was already aware of the vulnerabilities in their data security systems but did not act to protect UK consumer data.
Equifax Ltd learned about the compromise of UK consumer data six weeks post the breach's discovery, moments before its US parent announced the incident. They were overwhelmed with complaints and even gave misleading public statements about the affected UK consumers. Additionally, their quality assurance checks for complaint handling after the breach were found lacking.
On October 3, the FCA stated in a final notice to Equifax Ltd that the penalty should have been nearly £16 million. Previously, in 2019, Equifax settled for up to $700 million concerning the data breach, and in 2020, a US court mandated the firm to invest at least $1 billion in data security improvements.
Comments on this post
No comments have been added for this post.
You must be logged in to make a comment.