The UK’s Financial Conduct Authority (FCA) has announced a hefty fine of £11 million (€12.7 million / $13.4 million) against consumer credit rating giant, Equifax Ltd. This fine comes as a repercussion to a historic cyber breach in 2017, which is considered one of the largest in history. The US parent company, Equifax Inc, was the target of this cyber-attack where personal details of nearly 147.9 million U.S. consumers were compromised.
Interestingly, this breach also affected about 13.8 million UK consumers. The reason? Their personal data was stored on the company servers located in the US. Information like names, birth dates, login details, partially exposed credit card details, and addresses were accessed by the hackers. The FCA pointed out that this cyberattack and unauthorized access to data could have been prevented, thus avoiding this massive exposure of UK consumers to possible financial crimes.
Equifax, on its part, stated that it cooperated fully with the FCA throughout the investigation. Patricio Remon, president for Europe at Equifax, noted that since the cyberattack six years ago, the company has invested over $1.5 billion in a security and technology transformation. However, the FCA found that despite known weaknesses in Equifax Inc’s data security systems, the company failed to take suitable action to protect UK customer data.
The fine imposed on Equifax was discounted after it agreed to resolve the matter and cooperate fully with the watchdog. This isn’t the first time Equifax Ltd has been fined – Britain’s Information Commissioner’s Office had previously slapped them with a £500,000 fine in 2018.