Credit firm admits data of 400,000 Britons may have been hacked
EQUIFAX has finally admitted that the data of up to 400,000 UK consumers might have been stolen in the massive data breach last week.
The firm said information about some British people had inadvertently been stored in America and that these details had “potentially” been stolen in the attack. The credit scoring firm said it would write to “fewer than 400,000” UK consumers to “offer them appropriate advice and a range of services to help safeguard and reassure them”.
For the past week Equifax has refused to say how many British citizens may have had their data compromised. It did reveal that hackers had exposed the personal data of 143 million customers in the US, which had been unlawfully accessed between mid-may and July this year thanks to a vulnerability on its website.
Yesterday it said its UK systems had not been affected but that a “process failure” had led to a file containing information about British consumers being stored in the US between 2011 and 2016. This file, which contained names, dates of birth, email addresses and telephone numbers, may have been unlawfully accessed, the company admitted. It said the file did not include addresses, passwords or financial information.
Equifax said it believed “identity takeover is unlikely”, but it would be offering “reassurance and protection” to anyone whose information had been accessed. The firm said it would be writing to UK consumers to offer them a free identity protection service, to enable them to monitor their personal data. It will “incorporate web and social media monitoring” to alert people to publicly available information on them.
Last night Equifax announced its chief information officer and chief security officer would be leaving the company with immediate effect. It did not name them, but they are believed to be David Webb and Susan Mauldin.
Patricio Remon, president of Equifax, said: “We apologise for this failure to protect UK consumer data.”