Consumer credit reporting agency Equifax was hit by a 'mega-breach' discovered in July 2017 which has hit 700,000 U.K. consumers.
Files containing a monumental 15.2 million U.K. data records between 2011 and 2016 were illegally accessed.
Hackers were able to steal information for months after technicians at Equifax Inc failed to apply vital security patches to known-vulnerabilities. Around 145 million U.S. customers were also hit by the data breach as well as the 700,000 U.K. victims.
Patricio Remon, European President of Equifax Ltd, expressed his "sincere personal apologies to anyone who has been impacted by this incident". As a financial reporting agency who collect and aggregate data for over 800 million individual consumers and 88 million businesses worldwide, Equifax are expected to uphold the highest standards when it comes to cybersecurity; yet hackers were able to break into their systems with relative ease off the back of a well-known and highly publicised security flaw.
This is a serious breach that should have been prevented. Share values reportedly dropped by 14% after news broke of the breach, and there are reports of suspicious share sales just before the scandal emerged in the news as well...
A wealth of data has been hacked - we're talking 15.2 million data records for almost 700,000 U.K. customers. This is a mega-breach that could easily go down in the history books.
Some 9,725 partially-redacted unique credit card numbers were accessed, as well as 29,188 driving license numbers. This is worrying news.
14,961 victims had their Equifax membership details like usernames, passwords, secret questions and answers, and partial credit card details exposed, with 637,430 phone numbers accessed and 12,086 email addresses associated with Equifax accounts hacked.
Combinations of the stolen data can easily arm scammers, fraudsters, and phishers with enough information to do serious harm. With the largest hacked file containing 14.5 million data records, the Equifax data breach UK is set to go down in history as one of the worst data hacks.
Who is affected by the Equifax data breach?
Following the Equifax data breach, they initially thought the hacked data was limited to the 145 million U.S. customers given the data was stolen from servers in America. However, they later admitted that around 300,000 U.K. customers were also affected, but this figure quickly grew to 400,000 in a press release in September.
In a letter to the FCA, Equifax eventually admitted the actual figure was more than double what they originally thought, having identified 693,665 U.K. customers affected.
After the Equifax data breach in the UK, Equifax acknowledges there are victims at the "highest risk of identity theft" given the nature of the information stolen.
With such sensitive information from a credit reporting company being accessed for a prolonged period of time, there is a real risk of serious crimes being committed against Equifax data breach UK victims, such as:
As we often warn, even a little information can go a long way for a fraudster. With the wealth of highly sensitive financial and personal information stolen, victims of the UK Equifax data breach are at a real risk of serious financial crimes committed against them.
The .K.'s Financial Conduct Authority (FCA), who regulate the U.K. company Equifax Limited, said:
"Credit reference agency firms are subject to the high level principles of the FCA regulatory regime, which include requirements on treating customers fairly and on ensuring adequate risk management, systems and controls. They are also subject to relevant data protection legislation which is enforced by the Information Commissioner's Office (ICO)."
With the wealth of highly sensitive financial and personal information stolen, victims of the UK Equifax data breach are at a real risk of serious financial crimes committed against them.
The U.K.'s Financial Conduct Authority (FCA), who regulate the U.K. company Equifax Limited, said:
"Credit reference agency firms are subject to the high level principles of the FCA regulatory regime, which include requirements on treating customers fairly and on ensuring adequate risk management, systems and controls. They are also subject to relevant data protection legislation which is enforced by the Information Commissioner's Office (ICO)."
Suspicious activity was discovered by Equifax Limited's parent company, Equifax Inc, on 29 July 2017, and they hired cybersecurity firm Mandiant to investigate the concerns.
What they found was harrowing...
Equifax blamed the hack on a "combination of human error and technological error" after a technician failed to apply a security patch for the "CVE-2017-5638" vulnerability discovered in March 2017. On top of that, security scanners failed to detect the vulnerability remained.
It has since been discovered that hackers had access to the database between mid-May and the end of July - a period of around ten weeks where private and sensitive information was dangerously exposed.
In a letter to the U.K.'s Chair of the Treasury Committee, Equifax admitted the hack was caused by the "failure of Equifax Inc personnel to apply an upgrade to the Equifax Inc US consumer dispute portal in March 2017. The technological error involved a scanner which failed to detect the vulnerability on this particular portal after the upgrade should have been made".
In terms of how U.K. victims have been caught up in the Equifax data breach, it has been described as a "process error" that led to historic U.K. customers' information being retained in the U.S. after customer identity validation checks were carried out. This in itself may amount to a data breach, and we're investigating what right the U.K. arm of the company had to transfer U.K. customer information to the U.S. parent company, Equifax Inc.
The U.K.'s Financial Conduct Authority (FCA) and Information Commissioners' Office (ICO) are working together to investigate the data breach, and have already raised concerns over how Equifax handled the discovery of the breach and the delay in warning authorities and consumers. Astonishingly, the U.K. regulators were only made aware of the breach via the media on 8th September 2017 because Equifax failed to warn them.
It's further understood that Equifax set up a bespoke "breach notification" website for customers to check if they were affected. However, internet security software deemed the site to be a potential "phishing site", creating further confusion and concern for victims involved.
But things got worse...
The site set up by Equifax, named "equifaxsecurity2017.com", was deemed by cybersecurity experts to be a risky move, and to prove a point, a researcher set up a website with a similar domain, named "securityequifax2017.com". His point was catastrophically proven when even the official Twitter account for Equifax inadvertently linked people to the wrong site; i.e. the dummy site set up by the researcher, resulting in further backlash from angered victims.
To press home the point, the fake webpage headline stated:
"Cybersecurity Incident & Important Consumer Information which is Totally Fake, why did Equifax use a domain that's so easily impersonated by phishing sites?"
With Equifax already acknowledging that the biggest risk to victims is phishing scams, the creation of the website has been heavily criticised. Their eventual move to notifying victims by post welcomed by regulators in efforts to prevent people falling victim to electronic phishing scams arising from the breach.
Are you looking to claim for Equifax compensation in the UK? Our team is representing a number of people affected by the Equifax Data Breach. If you've been affected by the Equifax hack, contact us today for help and advice.
We're aware that Equifax are offering a "free comprehensive ID protection service" to some victims, which we find is a standard offer nowadays off the back of major data breaches. You may be entitled to financial compensation as a victim of the Equifax breach as well, especially if you've been targeted by fraudsters.
Our team are incredibly worried about the phishing scams and fraudulent activity that typically follows a breach of this nature. A number of TalkTalk hack victims were contacted by scammers who had enough information about their accounts to convince them they were calling from TalkTalk, and thousands of pounds were consequently stolen.
Equifax acknowledges that many victims risk "unwanted cold calling" like we saw after the TalkTalk hack. Whilst they say that any complaints will be "investigated fairly and promptly" with the aim to provide fair treatment to victims involved, we understand they're not looking at compensation for victims.
This is usual, and that's where we come in.
We're investigating the hack and we believe there is a case to answer for. Equifax has clearly failed to secure sensitive information, and we'll be taking issue with the data of U.K. victims being moved abroad.
We've already accepted cases and we may be able to help you too. Our team have years of experience at the forefront of data protection compensation, having helped victims of the infamous 56 Dean Street clinic leak as well as helping victims of well-known hacks similar to the Equifax Breach, such as the TalkTalk hack and the Three hack.
You have rights as a victim, and we may be able to help you claim for data leak compensation.
We're here to help, and if you would like free and confidential advice as an affected victim of the breach, please call us on 0800 634 7575 or send us a message by contacting us here.
Our work is extremely important. We all have a right to privacy; and our rights when it comes to how our personal data and information is used and handled is enshrined in law. But for too long now organisations have flouted their duties and people have become the victims of widespread scandals where personal information that is sensitive and confidential has been leaked to people who should never have seen it.
We help the victims to obtain the justice that they deserve.
We can pursue your claim on a genuine No Win, No Fee agreement.
We can fight for your rights as a victim of a data breach, leak, hack, or where your information has been misused.
We are leading data compensation lawyers representing thousands of clients for claims.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
We offer free, no-obligation legal advice and No Win, No Fee legal representation – Start Your Claim Now!
If you have been the victim of a data breach from any private or public organisation, then we can help. Whether it's your employer, the NHS, the police, a local authority, or a website you use, we can help you claim the compensation you deserve.
Our clear and simple process:
You can speak to the team by phone, or message us with your enquiry now. You can arrange a call back for a time and date that suits you.
We can usually assess your claim in a matter of minutes and get the case started without delay.
We can quickly launch your claim for data breach compensation. Start your claim today.
As your claim moves forward we can keep you updated.
The Data Leak Lawyers have represented substantial cohorts of claimants in Group Litigation Order actions. Aside from our work in multi-party claims, we also represent considerable numbers of individual claimants that range from medical data leaks to council and social services data breaches.
Some of these cases are particulary sensitive. As a firm of lawyers who also take forward large numbers of complex and serious data protection breach compensation claims, we can offer a network of legal experts from our in-house staff to the Barristers we have close relations with, and indeed the lawyers and firms we work with around the world.
The combination of expertise in data compensation and mass consumer actions allows you the confidence to know that we are dedicated to the fight for justice.
If your personal information has been leaked or mishandled, you could be eligible to claim compensation through a data breach lawsuit.In today's interconnected digital world, data breaches are an ...
Our firm, The Data Leak Lawyers, previously secured a substantial settlement of 9,000 in damages for a client whose personal data was shared unnecessarily.This case involved a clear breach of da...
If your data has been breached, you may have the right to claim compensation for the financial and emotional damage caused.In todays digital world, data breaches are becoming more frequent, lea...
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.