British victims of Equifax hack surge
EQUIFAX has admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised.
The credit rating firm said it was contacting nearly 700,000 customers in the UK to alert them that their data had been stolen in the attack, which was revealed in September. The company originally estimated that the number of people affected in the UK was “fewer than 400,000”. But last night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving licence numbers and phone numbers. The stolen data included partial credit card details of less than 15,000 customers.
Hackers potentially compromised a further 14.5 million records that could have contained names and dates of birth. Equifax originally said the compromised records did not contain passwords, addresses or financial information. It assured consumers that, because of the nature of the information, identity theft was “unlikely”.
But security experts have warned the details could be used by fraudsters to retrieve full payment details. The revised figure comes after investigators looking into the Equifax breach discovered another file had been stolen.
Cyber criminals breached Equifax’s systems in the US between mid-May and July, stealing the information of millions of customers.
Around 14.5 million consumers in the US could have been affected in the attack, a figure that Equifax had also underestimated initially. The US-based credit reference agency said the details of some British people had been stored across the Atlantic, resulting in them being implicated in the hack. The company has details for around 44 million UK-based and 143 million US-based consumers. Equifax said last month that its UK computer systems had not been affected and that a “process failure” meant a file containing British consumers’ details had been stored in the US from 2011 to 2016.
Richard Smith, Equifax chief executive and chairman, stepped down in the weeks after the hack was reported. The company, which holds data on around 820 million consumers and 91 million companies, said it faced a “massive” task responding to the hack.
Patricio Remon, Equifax’s president for Europe, said: “Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act. It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed.”