Britain’s financial watchdog has fined consumer credit rater Equifax 11 million pounds for its role in “one of the largest” cyber security breaches in history.
The Financial Conduct Authority (FCA) said that in 2017, Equifax’s parent company, Equifax in the United States, was subject to one of the biggest cyber security breaches in history when the personal details of as many as 147.9 million US consumers were accessed during the hack.
The FCA said the hackers could also access the personal data of 13.8 million UK consumers because the data was stored on company servers in the United States.
Equifax had outsourced data such as names, dates of birth, Equifax membership login details, partially exposed credit card details, and addresses.
“The cyber attack and unauthorized access to data was entirely preventable,” the FCA said in a statement, adding that it exposed UK consumers to financial crime risk.
Equifax said it has cooperated fully with the FCA throughout the long-running investigation.
“Since the cyber attack against our company six years ago, we have invested over US$1.5 billion ($2.4 billion) in a security and technology transformation,” said Patricio Remon, president of Europe at Equifax.
“Few companies have invested more time and resources than Equifax to ensure that consumers’ information is protected,” Remon said.
The FCA said the UK arm of Equifax found out that consumer data had been accessed six weeks after the parent company discovered the hack, the FCA said.
“There were known weaknesses in Equifax Inc’s data security systems and Equifax failed to take appropriate action in response to protect UK customer data,” it said.
The FCA said that Equifax’s fine was discounted after it agreed to resolve the matter and cooperate to a high level with the watchdog.
Britain’s Information Commissioner’s Office fined Equifax Ltd 500,000 pounds in 2018.
