Following a massive data breach that took place earlier this month, Equifax' CIO and CSO have stepped down from their posts.
Equifax has also announced that fewer than 400,000 UK consumers were affected by the breach and that it will be offering a range of services to help 'safeguard and reassure them' from potential threats.
Earlier this month, credit rating agency Equifax announced that it had suffered a major data breach that compromised details of millions of customers, including credit card details of over 209,000 citizens.
Hackers had also accessed personal identifying information for approximately 182,000 U.S. consumers that included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
Even though Equifax holds personal and financial data of over 44 million British nationals, the company has now announced that the number of affected Brits is around 400,000. Even though physical addresses, passwords and financial data of the 400,000 Brits are still secure, hackers were able to access their names, dates of birth, email addresses, and telephone numbers.
Equifax has also announced that it is making several personnel changes following its initial assessment of the data breach. The Chief Information Officer and the Chief Security Officer have now resigned and have been replaced with interim heads. It has also been reported that Susan Mauldin, the former CSO at Equifax, majored in music composition from the University of Georgia.
Mark Rohrwasser, who previously headed Equifax’s International IT operations, has now been appointed as the interim Chief Information Officer. Russ Ayres, previously VP of IT organization at Equifax, replaces Mauldin as interim Chief Security Officer. He will report to Rohrwasser until a full-time CIO is appointed by the company.
"Having concluded the initial assessment Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them," said the company in a statement to the press.
"Due to the nature of the information, Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident.
"It is however important that Equifax does all that it can to provide reassurance and protection to these people and it will be proactively contacting impacted customers in writing to offer them a free comprehensive identity protection service which will allow them to monitor their personal data, including their credit information and be alerted to any potential signs of fraudulent activity," it added.
Affected UK customers of Equifax will receive free social media monitoring alerts so that they are made aware of any publically available information about them. At the same time, Equifax will offer the affected people links to services provided by other UK regulated organisations which may help them protect their identities.
We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward,” said Patricio Remon, President at Equifax Ltd.
Following the incident, the Information Commissioner's Office expressed concern about the potential impact of the data breach on UK citizens. The ICO is now working with the agency to obtain more information about how much data was impacted by the breach.
"We will be advising Equifax to alert affected UK customers at the earliest opportunity. In cyber-attack cases that cross borders the ICO is committed to working with relevant overseas authorities on behalf of UK citizens," said James Dipple-Johnstone, ICO deputy commissioner after the data breach was announced to the public by Equifax.