The UK division of Equifax Incorporated, one of the world’s largest credit reference companies, received a fine of £500,000 for failing to protect the personal information of up to 15 million people in Britain during a cyber attack that occurred between May 13 and July 30, 2017.
From its Atlanta (US) headquarters, Equifax confirmed that its UK office received the Monetary Penalty Notice from the Information Commissioner's Office (ICO) on Wednesday and that it was reviewing the sanction and its response.
Following the delivery of the notice, the ICO issued a statement saying its investigation found that although Equifax systems in the United States were compromised, the UK office (Equifax Limited) was responsible for the personal information of its customers in Britain.
The notice went on to state that the UK company failed to take the necessary steps to ensure its American parent company, Equifax Inc., which was processing the data on its behalf, was protecting the information.
The ICO investigation, carried out in parallel with the Financial Conduct Authority, revealed various shortcomings at the company, which led to personal information being retained for longer than necessary and left vulnerable to unauthorised access.
The personal information lost or compromised ranged from names and dates of birth to addresses, passwords, driving licences and financial details.
The ICO ruled that Equifax contravened five out of eight data protection principles of the Data Protection Act 1998, including failure to secure personal data, poor retention practices and lack of legal basis for international transfers of UK citizens’ data. The ICO further ruled that measures that should have been in place to manage the personal information were inadequate and ineffective. Investigators found significant problems with data retention, IT system patching and audit procedures.
Does your business handle customer information like names, dates of birth and financial details?
Could your business handle the costs and inconvenience of an ICO investigation?
Insurance can cover the costs associated with an investigation, which gives you one less thing to worry about, and more time to focus on growing your business. Contact us on firstname.lastname@example.org and we would be only too happy to assist you.