Reputed credit rating firm Equifax has been slapped with a whopping fine of £500,000 by the Information Commissioner’s Office (ICO) as it was unable to protect user data during a cyber-attack that affected 15 million UK citizens. The cyber-attack, which affected nearly 146 million people around the globe, was carried out in 2017 and was possible because users’ personal information had been stored for longer than was necessary, leaving it vulnerable to exposure. During the early stages of the investigation, Equifax had stated that only 400,000 Britons had been exposed to the breach, but it later stated that the data of nearly 700,000 had been hacked.
During the investigation of the breach by the ICO and the Financial Conduct Authority, it was found that the breach affected three distinct groups in different ways: names, birth dates, telephone numbers and driving license details of 19993 British subjects were exposed; names, birth dates, telephone numbers and driving license details of 637430 British subjects were exposed; and names and birth date details of around 15 million UK citizens were exposed.
The hefty fine was imposed on Equifax because it did not take timely action to secure the personal details of people in its database, despite receiving a warning from the US Dept. of Homeland Security during early 2017 about a critical vulnerability in its security firewall system. The investigation was carried out by the ICO under the UK’s Data Protection Act of 1998, as the breach occurred just before the launch of the EU’s General Data Protection Regulation. Speaking about the breach, Information Commissioner Elizabeth Denham stated that incidents like these undermine people’s confidence in digital commerce, and that the problem is magnified when it involves a global firm built on personal data. Equifax’s spokesperson said that although the firm was disappointed with the stiff penalty, it has now implemented several measures to prevent such incidents from recurring in the future.