FCA penalizes Equifax £11 million for involvement in data breach

Home > Industry Analysis > Content

【Summary】Equifax has been fined £11.2m by the FCA for failing to protect UK consumer data in a cyber-security breach. Hackers accessed the personal data of approximately 13.8 million UK consumers due to Equifax's failure to properly manage and monitor their data security. The FCA stated that Equifax did not provide sufficient oversight and failed to take appropriate action to protect customer data. The company has cooperated with the investigation and claims to have invested heavily in security measures.

FutureCar Staff Oct 13, 2023 6:18 AM PT

FCA penalizes Equifax £11 million for involvement in data breach

The Financial Conduct Authority (FCA) has imposed a fine of £11.2m on Equifax for its failure to adequately manage and monitor the security of UK consumer data that it had outsourced to its US-based parent company.

This breach resulted in hackers gaining access to the personal data of millions of individuals, thereby exposing UK consumers to the risk of financial crime.

In 2017, Equifax's parent company experienced one of the largest cybersecurity breaches in history, which allowed cyber-hackers to access the personal data of approximately 13.8 million UK consumers. This breach occurred because Equifax had outsourced the data to Equifax Inc's servers in the US for processing.

The personal data that was accessed by the hackers included names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card details, and residential addresses.

The FCA has stated that Equifax failed to provide adequate oversight regarding the management and protection of the data it was sending. Additionally, it highlighted the known weaknesses in Equifax Inc's data security systems and the failure of Equifax to take appropriate action to protect UK customer data.

Therese Chambers, joint executive director of enforcement and market oversight, emphasized the importance of financial firms safeguarding customer data, stating that Equifax had failed in this regard. She also stressed the need for firms to maintain the highest standards in data protection due to the continuous risk of identity theft.

Patricio Remon, president for Europe at Equifax, acknowledged the company's cooperation with the FCA throughout the investigation. He highlighted Equifax's transformation program and the voluntary consumer redress exercise implemented after the incident. Remon also mentioned that Equifax has invested over $1.5 billion in security and technology transformation since the cyberattack, positioning the company's cybersecurity program among the most advanced in the world.