Equifax, one of the leading credit reference agencies (CRAs) within the UK, has been fined half a million pounds for failing to safeguard the personal data of up to 15 million people. The data in question includes a variety of identifying details, including names, dates of birth and more, and relates to a cyber attack that took place in 2017.
In September 2017, Equifax revealed that it had been targeted by a major cyber attack, leading to a large-scale security breach. This breach resulted in lost or compromised personal data, which included names, dates of birth, driving licence numbers, addresses, and even financial information. Though up to 15 million people within the UK were affected, the incident that dates back to May 13th and July 30th last year was revealed to have affected around 146 million customers around the world.
The Information Commissioner's Office (ICO) led an investigation into the breach. The ICO is responsible for investigating serious failures on the part of a company to safeguard customer data. This investigation revealed how "multiple failures" within the company had resulted in an unavoidable loss of customers' personal data.
Blaming the incident on a "website application vulnerability", something that doesn't usually take a great deal of skill to exploit, Equifax remained vague on the specifics of the attack until the ICO publicly revealed its findings recently. The ICO explained how Equifax's UK-based arm had not taken the necessary steps to check that its US-based parent company was properly protecting its customer information.
"Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law."
Alternatives to Equifax
Equifax is one of the top 3 credit reference agencies operating within the UK, with the other major players being Experian and CallCredit. Competition is virtually non-existent at this level, though some companies that provide free services are on the rise.
Noddle and ClearScore are two alternatives that currently provide free services that are regularly-updated. They use the same data provided by the leading 3 companies, but don't expect you to sign up for lengthy subscription models to pay for access.
Should you be concerned?
Unlike smaller-scale breaches, it's unlikely that the data harvested in this breach will affect you. With 146 million global customers affected, and 15 million within this country alone, it's extremely unlikely that you'll have any comeback even if your data is affected. There's also no means of changing the data stolen, such as addresses, driving licence numbers, and dates of birth or names.
The best thing you can do is to maintain your own personal security, exercising caution when browsing online, accessing emails or connecting to Wi-Fi hotspots when on the go. If you have any questions or concerns about your personal security, then you can call WiseGuys on 0808 123 2820 for tailored advice.