‘Process failure’ led to UK data being held in US, company said.
Equifax has provided more detail on its giant cybersecurity breach, confirming that data on around 400,000 UK consumers may have been accessed too.
Last week Equifax — one of the biggest credit rating agencies — revealed it has suffered a giant data breach. It said the details of as many as 143 million US consumers had been accessed by hackers, who exploited a flaw in the firm’s systems.
The data accessed included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. The company also said that credit card numbers for around 209,000 US consumers, and documents with personal identifying information for approximately 182,000 US consumers, was also accessed.
At the time the company also said it had identified unauthorized access to limited personal information for certain UK and Canadian residents.
Now Equifax Ltd — the company’s UK arm — has said that while its systems were not affected and are “entirely separated” from those impacted by the Equifax Inc cybersecurity incident, data on around 400,000 UK consumers may have been accessed.
In a statement it said that a file containing UK consumer information “may potentially have been accessed”. The company said this was due to a “process failure”, which led to a limited amount of UK data being stored in the US between 2011 and 2016.
This data included customer names, dates of birth, email addresses and a telephone numbers, but Equifax said the data did not include any residential address information, password information or financial data.
Equifax said that due to the nature of the information it believes identity takeover is unlikely for UK consumers who potentially had their data accessed in this incident.
But it said it would be offering a free comprehensive identity protection service to affected consumers, which will allow individuals to monitor their personal data, including their credit information and be alerted to any potential signs of fraudulent activity.
Patricio Remon, President at Equifax Ltd. said: “We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”
The investigation is ongoing and Equifax Ltd said it is “in dialogue” with the Financial Conduct Authority and Information Commissioner’s Office.