Equifax faces £500,000 fine in the UK over massive data breach

UK officials have slapped Equifax with a £500,000 (US$660,000) fine for failing to protect up to 15 million citizens' personal data. The Information Commissioner's Office (ICO) has announced its verdict after an almost year-long investigation with the Financial Conduct Authority. Together, they looked into the massive Equifax breach that affected 146 million people around the world. Cybercriminals infiltrated the consumer credit reporting agency's systems by using an exploit on its website to gain access to people's names, addresses, birthdates, SSNs, as well as tax and driver's license information.

According to the ICO, Equifax UK's parent company in the US -- the one infiltrated by cyberattackers -- processed data on its behalf. The ICO concluded that the company's UK division failed to make sure that its American counterpart was protecting UK citizens' information properly. Authorities also found "significant problems with [the company's] data retention, IT system patching and audit procedures." Further, they discovered that the US Department of Homeland Security warned Equifax about a critical vulnerability back in March 2017, but the company didn't take steps to patch the flaw the hackers ultimately exploited.

The agencies' investigators divided the affected subjects in the country into different categories: the ones that were most affected (19,993 people) had their names, birthdays, phone numbers and driver's licenses stolen. Meanwhile, the first three types of information were exposed for 637,430 subjects. In all, 15 million UK citizens had their names and birthdates exposed, but those unfortunate enough to fall under the first type are clearly the most vulnerable to identity theft.

While £500,000 is chump change for a company like Equifax despite all its financial setbacks since the breach came to light, that's the largest fine authorities can issue, because the event happened before GDPR was implemented. Information Commissioner Elizabeth Denham explained:

"The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce. This is compounded when the company is a global firm whose business relies on personal data.

We are determined to look after UK citizens' information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law."

Source: ICO, BBC, Reuters



via Engadget RSS Feed https://ift.tt/2NZN6Ty