Equifax data breach: File containing details of 15.2m Brits lost to hackers

Equifax data breach: File containing details of 15.2m Brits lost to hackers

IICSA fined £200,000 for human error that exposed identities of child abuse victims

The Equifax data breach compromised personal information of nearly twice as many British citizens than the credit rating agency initially let on.

Equifax has confirmed that personal details of nearly 700,000 customers in the UK were compromised by hackers behind the breach.

Last month, U.S. credit rating agency Equifax revealed that it had suffered a major data breach that compromised details of millions of customers, including credit card details of over 209,000 citizens.

Out of 44 million British nationals whose personal and financial data were stored by Equifax, the company then announced that nearly 400,000 were affected. Even though physical addresses, passwords and financial data of the 400,000 Brits were secure, hackers were able to access their names, dates of birth, email addresses, and telephone numbers.

However, a forensic investigation commissioned by Equifax on the data breach has now come up with startling results. The investigation has revealed that the data breach affected as many as 693,665 customers in the UK, with hackers accessing their email addresses, passwords, driving license numbers, and phone numbers.

Equifax revised the number of affected UK citizens after investigators discovered that hackers got their hands on another file which was previously considered secure. The file contained records for as many as 15.2 million Britons dating between 2011 and 2016.

According to revised figures shared by Equifax, hackers behind the breach accessed phone numbers of 637,430 Britons, driving license numbers of 29,188 Britons, Equifax usernames, passwords, and partial credit card details of 14,961 Britons, and email addresses for 12,086 Britons.

'Today Equifax can confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. Regrettably, this file contained data relating to actual consumers as well as sizeable test datasets, duplicates and spurious fields,' said the agency in its latest public announcement on the breach.

Adding that the affected 693,665 UK consumers are being contacted by post, the agency added that the balance of the 14.5m records potentially compromised may contain the name and date of birth of certain UK consumers.

“Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act. Let me take this opportunity to emphasise that protecting the data of our consumers and clients is always our top priority," said Patricio Remon, President for Equifax UK.

"It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed.

"I urge anyone who receives a letter from Equifax to take advantage of the remedial services being offered to help mitigate against any risk, or to contact us should you have any questions," he added.

Affected customers who have had their phone numbers accessed will be offered a leading identity monitoring service for free and those who had other personal details accessed will receive Equifax Protect, an identity protection service which monitors personal data, for free.

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles