
Equifax UK data breach: what did the investigators find?


In 2017, a cybersecurity incident at Equifax resulted in hackers stealing the personal data of up to 143 million US citizens and 15 million Brits. Following an investigation into the Equifax UK data breach, the Information Commissioner’s Office (ICO) has now fined Equifax £500,000.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

But what failures were uncovered during the investigation, and what can you do if your details were put at risk by Equifax?

What did the Equifax UK data breach investigation find?

The ICO investigation, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency. For example:

  • Equifax contravened five out of eight data protection principles of the Data Protection Act 1998, including failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data
  • Measures which should have been in place to manage the personal data were found to be inadequate and ineffective
  • There were significant problems with data retention, meaning personal information was being retained for longer than necessary and was vulnerable to unauthorised access
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken, meaning a consumer-facing portal was not appropriately patched.

The Information Commissioner, Elizabeth Denham, said Equifax showed a “serious disregard” for its customers and their personal information. She also said that: “The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce.

“This is compounded when the company is a global firm whose business relies on personal data.

“We are determined to look after UK citizens’ information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”

What can you do following the Equifax UK data breach?

Hayes Connor Solicitors has launched an Equifax UK data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Find out more about group actions.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case and, if successful, won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees, win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

