Equifax warned over its data vulnerability weeks before breach
EQUIFAX was warned in April that it was “vulnerable to data theft and security breaches”, just weeks before the personal details of 143m Americans were stolen.
In a damning audit of the credit scoring agency, analysts at MSCI, the investment index company, put Equifax’s “privacy and data security” in the bottom quartile with a score of 0.0.
“Equifax’s data security and privacy measures have proved insufficient in mitigating data breach events,” MSCI’S analysis said. “The company’s credit reporting business faces a high risk of data theft and associated reputational consequences.
“Equifax is vulnerable to data theft and security breaches. The company’s data and privacy policies are limited in scope and Equifax shows no evidence of data breach plans or regular audits of its information security policies and systems.”
MSCI gave the company’s “environmental, social and corporate governance” performance a rating of CCC, the lowest available – only 6pc of the businesses it rates had such a low score.
It also placed Equifax’s “financial product safety” in the bottom quartile, pointing out that the company had been fined $3.8m (£2.8m) earlier this year in connection with misleading practices in its marketing of product costs and credit scores.
Meanwhile, MSCI rated privacy and data security at Experian, Equifax’s London-listed rival, as in the top quartile. It gave the same score to its financial product safety and awarded an overall rating of A. Equifax finally gave details last night about how British consumers had been affected by last week’s theft of data.
In a statement, it said that although its UK systems “are not affected”, a “limited amount of UK data” had inadvertently been stored in America and that some of this data might have been stolen.
The company said it would contact 400,000 people in Britain “in order to offer them appropriate advice and a range of services to help safeguard and reassure them”.
Patricio Remon, president of Equifax Ltd, said: “We apologise for this failure to protect UK consumer data. We will make all of the necessary improvements and investments to strengthen our security and processes going forward.”