Equifax fined £11 million by financial watchdog over 2017 cyber attack
13 October 2023, 11:54
The credit rating giant failed to keep its customers safe during an ‘entirely preventable’ cybersecurity breach, the Financial Conduct Authority said.
The UK’s financial watchdog has fined Equifax £11 million for its role in one of the largest cyber attacks, which affected more than 13 million British consumers in 2017.
The credit rating giant failed to keep its customers safe during an “entirely preventable” cybersecurity breach, the Financial Conduct Authority (FCA) said.
The hack happened after Equifax’s UK arm outsourced customer data to its owner based in the US, Equifax Inc.
The company collects information on customers and produces credit reports, which can be used by lenders to assess whether to approve financing for things like mortgages, cars and credit cards.
Hackers were able to access information, from people’s names, dates of birth and phone numbers to partially exposed credit card details and home addresses.
The attack exposed millions of UK consumers to the risk of financial crime, the FCA said.
The regulator said Equifax failed to manage and monitor the data in the hands of its US owner, which it said had known weaknesses in its data security systems.
It said the firm only found out about the hack about five minutes before it was announced by the American owner, meaning it was unable to cope with an influx of customer concerns and complaints.
Therese Chambers, the FCA’s joint executive director of enforcement and market oversight, said: “Financial firms hold data on customers that is highly attractive to criminals. They have a duty to keep it safe and Equifax failed to do so.
“They compounded this failure by the ways they mishandled their response to the data breach.
“Regulated firms are on the hook, regardless of whether they outsource or not.”
Equifax said it has invested heavily in its cybersecurity systems since the hack.
Patricio Remon, Equifax’s president for Europe, said: “Equifax has co-operated with the FCA fully throughout this long-running investigation and has been recognised by the FCA for that co-operation, our transformation programme and the voluntary consumer redress exercise we implemented after the incident.
“Since the cyber attack against our company six years ago, we have invested over 1.5 billion US dollars (£1.2 billion) in a security and technology transformation.
“Few companies have invested more time and resources than Equifax to ensure that consumers’ information is protected.”
