44 million Britons caught in US hack
BT, British Gas and Capital One customers warned personal data may have been stolen
AN INVESTIGATION was last night under way amid fears hackers may have stolen the personal data of up to 44 million British consumers in a massive cyber attack.
The Information Commissioner’s Office (ICO) said it was investigating how the hack on Equifax, a US credit rating firm, affected UK customers, many of whom will be unaware their data was held by the company. It last night urged Equifax to alert affected UK customers as soon as possible.
Equifax and its UK subsidiary companies state on their websites that they represent British clients including BT, Capital One and British Gas. There are fears that customers of these companies could now be affected. Last night BT said that “many companies in the UK” use Equifax services and it was “monitoring the situation closely”.
Equifax, which has said it holds the personal details of 44million UK citizens, has admitted hackers obtained the personal data of 143 million customers in the US. The hack took place between mid-may and July this year, due to a vulnerability on its website, but it was not made public until now.
The stolen information includes names, social security numbers, dates of birth, addresses and, in some instances, driver’s licence details. It is also thought that around 209,000 credit card numbers were stolen. Equifax said “limited personal information” from British and Canadian residents had been compromised.
James Dipple-johnstone, ICO Deputy Commissioner, said: “Reports of a significant data loss at Us-based Equifax and the potential impact on some UK citizens gives us cause for concern.
“We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised. We will be advising Equifax to alert affected UK customers at the earliest opportunity. In cyber attack cases that cross borders the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”
A spokesman for BT said: “We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”
The attack was described as one of the largest in US history. Avivah Litan, an analyst who monitors ID theft and fraud for the technology and research company Gartner, said: “On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because … everyone uses the same data.”
It has since emerged that three
Equifax executives sold shares worth a combined $1.8m (£1.3m) a few days after the company discovered it had been hacked. However, Equifax said the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares”.
Richard Parris, chief executive and chairman of security company Intercede, said: “Equifax’s data breach is an example of the type of breach we should not be seeing today, and it’s worrying that calls for change are falling on deaf ears. Companies like Equifax are supposed to be the bastions of customer data. Yet, as has worryingly become commonplace today, businesses are continuing to neglect how they protect customer data – and even their own data.”
A spokesman for the Government’s National Cyber Security Centre said: “We are aware of a cyber incident affecting an American consumer credit reporting agency.
“Members of the public should contact Action Fraud if they believe they have been the victim of cyber crime.”