News & Resources

Equifax data breach – 15 million UK residents’ data put at risk

  • Posted on

In 2017, Equifax, one of the world’s largest credit agencies, was the victim of a cyber-attack on its US systems. In the attack, a file was accessed which contained the private details of 146 million US citizens and 15 million UK citizens.

As the cyber-attack targeted records held by the company in the US, it mostly affected US customers. However, the records of approximately 15 million UK customers were stored in Equifax’s US systems and were thus put at risk by the attack.

Equifax identified approximately 841,000 UK customers whose data had been stolen by the hackers. Of these, 693,665 had sensitive information in the file that was accessed. A further 167,431 UK customers had their phone numbers accessed.

Equifax confirmed that all of these customers have now been contacted and offered identity protection products and services by the company.

The stolen data included names, addresses, dates of birth and some credit card numbers. For some individuals, their Equifax credit services account information may have been exposed.

In a press release issued by the credit agency, they said:

In early September 2017, Equifax Inc., our US parent company, announced it had been the victim of a criminal cyber-attack in May 2017. Although our UK business was not breached, the attack regrettably compromised the personal information of a range of UK consumers.

Equifax apologises unreservedly for any risks to consumers arising as a result of this criminal hack. We continue to work closely with law enforcement and other agencies as well as leading external advisers to learn lessons for the future.

The company initially claimed that only 400,000 UK customers had been mildly affected by the breach and that financial fraud was highly unlikely.

The incident led to the retirement of then CEO of Equifax Richard Smith as well as a swathe of senior executives.

Following the breach, Equifax were fined £500,000 by the Information Commissioners Office (ICO), which is the maximum permitted amount under the Data Protection Act 1998.

Equifax also agreed a £562m settlement with the US Federal Trade Commission in July 2019, on top of the £1.1bn the company had already spent in damages.

Our expertise with data breaches

Hayes Connor is home to one of the largest team of data breach claims specialists in the country. With a wealth of experience and an excellent track record of success, we can guide clients through dealing with any situation where personal data has been lost, stolen or otherwise exposed.

If your data has been exposed or potentially exposed in a data breach, you can take a look at our guide to what to do if your data has been stolen in a data breach.

You can find out more about our expertise and how we handle data breach claims here.

To see how we can help with a data breach, you can use our online claim form or speak to a member of our team by calling 0151 363 5895.

Find out how our experts can help you with your claim

Make a claim