Thousands of Gloucestershire residents may have suffered the loss of their personal data such as names, dates of birth, addresses, and telephone numbers following the widely-publicised Equifax data breach that took place between May and July last year.
In September, the Information Commissioner's Office (ICO) issued a fine of £500,000 on U.S. credit reference agency Equifax for failing to safeguard personal details of up to 15 million UK citizens which were compromised during the breach.
According to the ICO, investigators found significant problems with data retention, IT system patching, and audit procedures implemented by Equifax to safeguard personal and financial data of citizens. This was despite the fact that Homeland Security had warned Equifax Inc about a critical vulnerability in its systems as far back as March 2017.
"Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it. Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to today’s fine," said Information Commissioner Elizabeth Denham.
Over 65,000 Gloucestershire residents affected
According to a report from Gloucestershire Live, personal details of more than 65,000 Gloucestershire residents may have been stolen by hackers who attacked Equifax between May and July last year. This is because the Forest of Dean District Council "sells a full copy of the electoral register every year to Equifax as well as other credit firms" and such registers contain names, addresses, dates of birth, and telephone numbers of residents.
A Freedom of Information request recently revealed that the Council earned over £2,000 since 2012 by selling residents' data to Equifax and also earned £7,449 in the period by selling such data to other credit rating agencies.
The Council refused to confirm the possible loss of personal data of Gloucestershire residents, stating that no information has been received from Equifax so far.
After the massive data breach was first outed to the public, Equifax initially announced that the breach had affected fewer than 400,000 UK consumers. However, it later clarified that driving license numbers, Equifax usernames, passwords, email addresses and partial credit card details of 693,665 Britons and phone numbers of a further 167,431 Britons were compromised during the incident.
Equifax committed to helping affected UK customers by offering free social media monitoring alerts so that they were made aware of any publically available information about them. At the same time, Equifax said it would offer the affected people links to services provided by other UK regulated organisations which could help them protect their identities.
"We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward,” said Patricio Remon, President at Equifax Ltd.