UK fines Equifax $13.6 million for 2017 data breach


The UK arm of credit reporting firm Equifax was fined £11,164,400 (about $13.6 million) on Friday by a British regulator for allowing hackers to access personal information of millions of people in 2017.

About 13.8 million UK consumers were affected in the incident, according to the Financial Conduct Authority, and it remains one of the largest data breaches of all time. About 148 million people in the U.S. had their data exposed in the attack.

The watchdog found that Equifax Ltd, the firm’s U.K. business, exposed data because it outsourced processing to servers run by its U.S. parent, Equifax Inc. The affected information included “names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card details, and residential addresses,” the FCA said.

Equifax Ltd did not find out that U.K. consumer data had been accessed “until 6 weeks after Equifax Inc had discovered the hack,” the FCA said. The U.K. arm wasn’t informed about the incident until “approximately five minutes before it was announced by the American parent company. This meant Equifax was unable to cope with complaints it received when the incident was announced and led to delays in contacting UK customers,” the watchdog said.

Company officials told reporters that they had fully cooperated with the FCA’s investigation and invested $1.5 billion in cybersecurity improvements since the attack.

Equifax Inc. agreed in 2019 to pay at least $575 million to settle allegations about the incident brought by U.S. state and federal regulators. The U.S. government has accused four Chinese government hackers of carrying out the attack.

In 2018, Britain’s Information Commissioner’s Office separately fined Equifax Ltd £500,000 (then about $668,000) for violating data protection rules due to the 2017 incident.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Progress Software facing dozens of class action lawsuits, SEC investigation following MOVEit incident

Next Post

CDW investigating ransomware gang claims of data theft

Related Posts

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials

As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands
Read More