Equifax (finally) confirms that 400,000 Brits have been caught up in data breach but claims that the UK information spilled isn’t enough to perpetrate identity theft
Credit reference agency Equifax has finally confirmed that the accounts of almost 400,000 British people were caught up in its US systems data breach this summer, which saw the details of as many as 143 million Americans compromised.
The breach, which is believed to have started in mid-May and was only uncovered at the end of July, has affected about 44 per cent of the US adult population, leaving them open to the risk of identity theft.
It was rumoured that the details of a number of British people might have been compromised at the same time. Now, Equifax has finally come clean.
In a statement tonight, it claimed that its systems in the UK were not affected by the breach, but that due to a “process failure” some UK consumer information was nevertheless compromised.
“The investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016,” it admitted in the statement.
It continued: “The information was restricted to: Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information or financial data.
“Having concluded the initial assessment Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.”
The company claims that the information contained in the files is likely to be insufficient for the purpose of identity theft, but will offer a “free comprehensive identity protection service” to those affected, which will also include “web and social media monitoring alerting the consumer to any publicly available information about them”.
It’s not clear whether these offers will come with strings attached, as they did in the US, where they effectively barred recipients from suing the company for damages.
The scale of the breach is so great that the CEO, Richard Smith, has been called to testify before a congressional committee next month, while one US lawmaker has likened it to the Enron scandal.
Security guru Bruce Schneier, meanwhile, has once again suggested that the hack demonstrates why IT security requires Sarbanes-Oxley-style government regulation.