Equifax warned over its data vul­ner­a­bil­ity weeks be­fore breach

The Daily Telegraph - - Business - By Richard Evans

EQUIFAX was warned in April that it was “vul­ner­a­ble to data theft and se­cu­rity breaches”, just weeks be­fore the per­sonal de­tails of 143m Amer­i­cans were stolen.

In a damn­ing au­dit of the credit scor­ing agency, an­a­lysts at MSCI, the in­vest­ment in­dex com­pany, put Equifax’s “pri­vacy and data se­cu­rity” in the bot­tom quar­tile with a score of 0.0.

“Equifax’s data se­cu­rity and pri­vacy mea­sures have proved in­suf­fi­cient in mit­i­gat­ing data breach events,” MSCI’S anal­y­sis said. “The com­pany’s credit re­port­ing busi­ness faces a high risk of data theft and as­so­ci­ated rep­u­ta­tional con­se­quences.

“Equifax is vul­ner­a­ble to data theft and se­cu­rity breaches. The com­pany’s data and pri­vacy poli­cies are lim­ited in scope and Equifax shows no ev­i­dence of data breach plans or reg­u­lar au­dits of its in­for­ma­tion se­cu­rity poli­cies and sys­tems.”

MSCI gave the com­pany’s “en­vi­ron­men­tal, so­cial and cor­po­rate gov­er­nance” per­for­mance a rat­ing of CCC, the low­est avail­able – only 6pc of the busi­nesses it rates had such a low score.

It also placed Equifax’s “fi­nan­cial prod­uct safety” in the bot­tom quar­tile, point­ing out that the com­pany had been fined $3.8m (£2.8m) ear­lier this year in con­nec­tion with misleading prac­tices in its mar­ket­ing of prod­uct costs and credit scores.

Mean­while, MSCI rated pri­vacy and data se­cu­rity at Ex­pe­rian, Equifax’s Lon­don-listed ri­val, as in the top quar­tile. It gave the same score to its fi­nan­cial prod­uct safety and awarded an over­all rat­ing of A. Equifax fi­nally gave de­tails last night about how Bri­tish con­sumers had been af­fected by last week’s theft of data.

In a state­ment, it said that although its UK sys­tems “are not af­fected”, a “lim­ited amount of UK data” had in­ad­ver­tently been stored in Amer­ica and that some of this data might have been stolen.

The com­pany said it would con­tact 400,000 peo­ple in Bri­tain “in or­der to of­fer them ap­pro­pri­ate ad­vice and a range of ser­vices to help safe­guard and re­as­sure them”.

Pa­tri­cio Re­mon, president of Equifax Ltd, said: “We apol­o­gise for this fail­ure to pro­tect UK con­sumer data. We will make all of the nec­es­sary im­prove­ments and in­vest­ments to strengthen our se­cu­rity and pro­cesses go­ing for­ward.”

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.