About 400,000 British clients may have had their information stolen following the Equifax data breach, a credit rating firm. The news was reported by the UK division of the firm.
About 400,000 British clients may have had their information stolen following the Equifax data breach, a credit rating firm. The news was reported by the UK division of the firm.The recent Equifax data breach that affected approximately 143 million U.S. consumers, is now revealing more information on the attack. An investigation by the UK division has concluded that 40,000 Britons were impacted due to a ‘process failure’ in 2016. There was an illegal access to limited personal information for certain UK consumers, but hackers showed mercy in not accessing financial data or credentials. The recent attack as such did not affect U.K. systems, but the information was accessed because of this ‘process failure’. The attackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company did not update its systems. Equifax alerted the public about the cyber attack on 7 September. According to Equifax UK: “Regrettably, the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.The information was restricted to Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information or financial data.” “Having concluded the initial assessment, Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.”According to Equifax, the stolen data does not include “any single Equifax business clients or institution.”The Information Commissioner’s Office (ICO) insisted Equifax to alert UK customers following the incident.ICO deputy commissioner, James Dipple-Johnstone said that:“Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern. We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised.” “We will be advising Equifax to alert affected UK customers at the earliest opportunity. In cyber-attack cases that cross borders, the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”Equifax will be notifying the affected UK customers with a free identity protection service.The service will ensure there are no traces of suspicious activity about possible misuses of victim’s data, including monitoring of the web and social media information.Patricio Remon, Europe president at Equifax Ltd apologized to the customers: “We apologize for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.” The Cyber security experts at Equifax are still investigating to know in depth.