Equifax UK Fined £11.2 Million by FCA Over 2017 Data Breach

The UK’s Financial Conduct Authority (FCA) has fined Equifax’s UK unit more than £11 million ($13.3 million) for the 2017 data breach that affected around 13.8 million UK consumers. While the company was initially fined nearly £16 million ($19.4 million), it received a 30% discount under executive settlement procedures. The FCA noted that Equifax also received a 15% credit for its cooperation and remedial efforts. The regulator alleged that the company had failed to manage and secure UK consumer data outsourced to its US parent company. The FCA called the breach “foreseeable and entirely preventable.”

Equifax UK Fined Due to UK Consumer Data Breach

Equifax, an American credit reporting agency, was fined £11.2m ($13.4m) by the UK’s Financial Conduct Authority (FCA) following one of the world’s largest data breaches, in which Chinese military hackers exploited a vulnerability in Equifax’s online dispute portal. The attackers downloaded the personal data of nearly 14 million UK residents as well as 148 million Americans. Equifax disclosed the breach in 2017, six months after the initial breach. The FCA took issue with the company’s misleading statements about the severity of the breach.

Details of the Breach

The details of the breach, in which data such as names, dates of birth, phone numbers, and Equifax membership login details were exposed, had been disclosed to the UK unit five minutes before being made public by the US parent company. This delay hampered the UK unit’s ability to contact UK consumers and manage their complaints, as the company was not prepared to deal with the large volume of complaints that followed the breach’s announcement. A compliance report in 2018 revealed significant weaknesses and material non-compliance in the complaints operating framework.

Equifax UK Misleading Public Statements

The FCA imposed the fine after the company’s British unit waited six weeks to notify the UK unit of the breach, doing so five minutes before it was announced publicly. This delay led to significant confusion and left the unit unprepared to deal with the numerous customer complaints.

Despite the fine, Equifax pointed out that it has invested over $1.5 billion in security and technology improvements since the breach.

Patricio Remon, president for Europe at Equifax, said the company has “built one of the world’s most advanced and effective cybersecurity programs” and is rated in the top 1% of technology companies and the top 3% of financial services companies in terms of security posture.

In the financial industry, 2017 was a year of increased attacks. Along with Equifax, the UK National Health Service was struck, as were accounting firm Deloitte, law firm DLA Piper, and Swiss insurance company Swiss Re. What set 2017 apart, however, was that reports revealed how information and cyber-attacks could lead to political instability. For example, the breach of the personal data of the 14 million Equifax customers could have political implications.
