The Information Commissioner’s Office (ICO) is to fine Equifax £500,000 over failing to protect the personal data of 146 million people.
The credit reporting agency faced a major cyber attack in 2017 which exposed personal information belonging to 146 million Equifax customers worldwide, including 15 million Britons.
ICO says Equifax’s UK branch “failed to take appropriate steps” to protect UK citizens’ personal data, despite previous warnings.
The agency was warned about security vulnerabilities within its systems by the US Department of Homeland Security in March last year.
Nevertheless, Equifax still failed to take appropriate steps to fix the issues.
ICO and the Financial Conduct Authority investigated the breach, finding that it affected the following three groups:
- 19,993 UK data subjects had names, dates of birth, telephone numbers and driving licence numbers exposed
- 637,430 UK data subjects had names, dates of birth and telephone numbers exposed
- up to 15 million UK data subjects had names and dates of birth exposed.
Equifax is to be fined £500,000 over the breach taking place before the launch of the EU’s General Data Protection Regulation (GDPR) in May this year – the highest GDPR fine possible.
Written by Leah Alger