Equifax has confirmed nearly 700,000 UK consumers were affected by the massive data breach it suffered earlier this year – more than the 400,000 it had initially thought were impacted.
The company said an independent investigation found that a file containing 15.2 million records between 2011 and 2016 was attacked, with names and dates of birth at risk, and that 693,665 could have had personally identifiable information stolen.
The majority of that figure (637,430) might only have had their phone number accessed, however this opens them up to scams, while the remainder had at least one of their email address, secret questions, partial credit card details or driving licence potentially compromised.
In the US, Equifax has already increased the number of potential victims from 143 million to 145.5 million – or half the population of the USA. The hack has been attributed to a web server vulnerability, however its UK systems were not breached.
The reason why British consumers are caught up in this is that a “process error” meant that some UK data was stored in the US.
Equifax said it wasn’t appropriate to contact UK consumers until it had “absolute clarity” following the investigation and would be writing to those affected. It will not be calling consumers for security reasons as this would invite phishing scams.
“Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act. Let me take this opportunity to emphasise that protecting the data of our consumers and clients is always our top priority,” said Patricio Remon, President for Europe at Equifax Ltd (UK).
“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed.
“I urge anyone who receives a letter from Equifax to take advantage of the remedial services being offered to help mitigate against any risk, or to contact us should you have any questions.”
The company has previously said it is working with the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO).
Do you know all about security in 2017? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…