UK regulator fines Equifax £500,000 for failing to protect data of millions
20 Sep 2018

The United Kingdom’s Information Commissioner’s Office (ICO) has fined US-headquartered Equifax £500,000 after it failed to protect the details of up to 15 million UK citizens during a cyber attack.

The incident, which happened between 13 May and 30 July 2017 in the US, affected 146 million customers globally.

The ICO’s probe, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency, which led to personal information being retained for longer than necessary and left vulnerable to unauthorised access, the ICO said.

The investigation was carried out under the Data Protection Act 1998, rather than the current GDPR, as the failings occurred before stricter laws came into force in May of this year.

The fine issued is the maximum allowed under the previous legislation.

Elizabeth Denham, Information Commissioner, said: “We are determined to look after UK citizens’ information wherever it is held.

“Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”

In a statement, Equifax said: “The criminal cyberattack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.

“Data security and combatting criminal digital activity is an ongoing battle for all organisations that requires continued innovation and attention. We have acted and continue to act to make things right for consumers.”
