October 16, 2023 at 08:24AM
The UK Financial Conduct Authority (FCA) has fined Equifax Ltd, the UK arm of Equifax Inc, more than £11 million over the 2017 data breach. The cyberattack impacted approximately 147 million people, including 13.8 million UK consumers. The FCA found that Equifax Ltd failed to properly manage and monitor the security of UK consumer data and had weak data security systems. Equifax also mishandled complaints and gave inaccurate information to consumers. The FCA originally intended to fine Equifax nearly £16 million. In 2019, Equifax agreed to pay up to $700 million in a settlement related to the breach.
Key Takeaways from Meeting Notes:
1. The Financial Conduct Authority (FCA) has fined Equifax Ltd, the UK arm of Equifax Inc, £11 million for the 2017 data breach.
2. The data breach impacted approximately 147 million people, including 13.8 million UK consumers.
3. Hackers gained access to Equifax servers in the US, and the US government indicted four members of China’s People’s Liberation Army (PLA) for hacking Equifax.
4. The cyberattack occurred from May 13, 2017, to July 29, 2017, but Equifax only announced it on September 7.
5. The FCA found that Equifax Ltd failed to properly manage and monitor the security of UK consumer data outsourced to its US parent company.
6. Names, addresses, phone numbers, dates of birth, Equifax membership login details, and partial credit card details were exposed in the breach.
7. Equifax’s data security systems had known weaknesses, and the UK arm failed to take appropriate action to protect customer data.
8. Equifax Ltd learned about the compromised UK consumer data six weeks after discovering the hack and mishandled complaints.
9. Equifax provided inaccurate information about the number of UK consumers affected by the breach.
10. The FCA originally intended to impose a fine of nearly £16 million, but the final fine was set at £11 million.
11. In 2019, Equifax agreed to pay up to $700 million to settle charges related to the breach, and in 2020, a US court ordered a minimum investment of $1 billion in data security improvements.
12. There have been other data breach settlements, including a $16 million settlement with Experian and T-Mobile and an $8.1 million settlement with Accellion over a data breach.