Market News

Back

13 Oct 2023 | 10:16

FCA fines Equifax £11m over cybersecurity breach

(Sharecast News) - Credit checking agency Equifax has been fined more than £11m by the UK regulator following one of the largest cybersecurity breaches in history, it was confirmed on Friday. Equifax Inc, the firm's US parent, was hit by a cyber breach in 2017 that saw hackers gain access to the personal details of around 148m US consumers.

UK customers were also affected, however, because Equifax had outsourced data to the US for processing.

It meant the hackers were able to access the names, dates of birth, phone numbers, partially exposed credit card details, addresses and Equifax login details of 13.8m British consumers.

Imposing the £11.2m fine, the Financial Conduct Authority called both the cyberattack and unauthorised access "entirely preventable".

In particular, it noted there had been insufficient oversight of how the data Equifax was sending to the US was managed and protected, despite "known weaknesses" in Equifax Inc's data security systems.

Equifax found out about the breach six weeks after the hack was first discovered, and was informed just five minutes before it was publicly announced by Equifax Inc, leaving the UK arm unable to cope with the large number of complaints it received.

Equifax also gave an "inaccurate impression" of the number of consumers affected in its public statements, the FCA said.

Therese Chambers, joint executive director of enforcement and market oversight, said: "Financial firms hold data on customers that is highly attractive to criminals. They have a duty to keep it safe, and Equifax failed to do so."

"They compounded this failure by the ways they mishandled their response to the data breach. Regulated firms are on the hook, regardless of whether they outsource or not."

The fine would have been £15.95m but was reduced by 30% after Equifax agreed to resolve the matter. It also received a 15% credit for mitigation in acknowledgment of its high level of cooperation.

Equifax was fined £500,000 by the Information Commissioner's Office in 2018 over the breach.

Patricio Remon, president for Europe at Equifax, said: "Since the cyberattack...we have invested over $1.5bn in a security and technology transformation.

"We have built one of the world's most advanced and effective cybersecurity programmes."

Join Redmayne Bentley

Talk to us now about opening a new portfolio or transferring your portfolio from another provider

0113 243 6941

Contact your local office

Contact your local office to find out more

Website © Redmayne Bentley 2024
Redmayne Bentley LLP is a Limited Liability Partnership. Registered in England and Wales. Registered No: OC344361
Registered Office: 3 Wellington Place, Leeds LS1 4AP. VAT No: GB 165 8810 81. LEI: 213800S3IRIPK1R3JQ58
Members of the London Stock Exchange. Authorised and Regulated by the Financial Conduct Authority.

The value of your investments and the income from them may go down as well as up, and you could get back less than you invested.