Equifax’s cyber security incident affects 400,000 UK consumers

Equifax announced a cyber security incident, identifying unauthorised access to limited personal information for certain UK consumers.

The investigation shows a file consisting of UK consumer information, which led to a limited amount of UK data, including names, date of births, addresses, passwords or financial data being stored in the US between 2011 – 2016.

Equifax has established that it is likely to need to contact around 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.

The consumer credit reporting agency confirmed that Equifax and TDX Group systems and platforms are entirely separated from those impacted by the incident.

Patricio Remon, president at Equifax, said: “We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”

The compromised UK consumer data does not relate to any single Equifax business client or institution.

Ilia Kolochenko, CEO of High-Tech Bridge, added: “The great fuss around the Equifax breach exposes our unpreparedness to handle major data breaches in a pragmatic and professional manner. We can observe uncertainty, bias, fear, doubts and anger on all sides of the incident.

“Those emotions are understandable, but in cyber security they are a pretty bad ally. We should not forget about the presumption of innocence, and ascertain all the facts before making conclusions or especially accusatory judgements. Someone’s negligence is undoubtedly at fault here, however without a thorough technical investigation, we risk blaming innocent and professional people.”

Equifax is proactively contacting impacted customers in writing to offer them a free comprehensive identity protection service, allowing them to monitor their personal data, including credit information, and to be alerted of any potential signs of fraudulent activity, through web and social media monitoring.

Written by Leah Alger