FCA fines Equifax £11 million for involvement in data breach

Home > Industry Analysis > Content

【Summary】Equifax has been fined £11.2m by the FCA for its failure to protect UK consumer data during a cyber-security breach. Hackers gained access to the personal information of approximately 13.8 million UK consumers after Equifax outsourced data processing to its US parent company. The FCA found that Equifax failed to adequately manage and monitor the security of the outsourced data. The breach exposed UK consumers to the risk of financial crime.

FutureCar Staff Oct 13, 2023 9:23 AM PT

FCA fines Equifax £11 million for involvement in data breach

The Financial Conduct Authority (FCA) has imposed a fine of £11.2m on Equifax for its failure to adequately manage and monitor the security of UK consumer data that it had outsourced to its parent company in the US. This breach resulted in hackers gaining access to the personal data of millions of individuals, exposing them to the risk of financial crime.

In 2017, Equifax's parent company experienced one of the largest cybersecurity breaches in history. The breach was made possible because Equifax had outsourced data to servers owned by Equifax Inc in the US for processing. As a result, approximately 13.8 million UK consumers had their personal data compromised.

The data accessed by the hackers included names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card information, and residential addresses. The FCA has determined that Equifax failed to provide sufficient oversight and protection for the data it was sending to its parent company.

The FCA also highlighted the known weaknesses in Equifax Inc's data security systems and criticized Equifax for not taking appropriate action to protect the data of its UK customers. The incident serves as a reminder of the increasing threat of cyber crime, which has been a major concern for businesses in recent years.

Therese Chambers, joint executive director of enforcement and market oversight at the FCA, emphasized the importance of financial firms safeguarding customer data. She stated that Equifax's failure to do so, along with their mishandling of the response to the breach, was unacceptable. Chambers stressed that regulated firms are responsible for data protection, regardless of whether they outsource or not.

Equifax's president for Europe, Patricio Remon, acknowledged the cooperation between Equifax and the FCA throughout the investigation. He also highlighted the company's investment of over $1.5 billion in security and technology transformation since the cyberattack six years ago. Remon claimed that Equifax has built an advanced cybersecurity program and has consistently ranked highly in terms of its ability to protect networks, information, and systems.