Equifax, the credit rating agency, suffered a cyber breach in May 2017 and today they have confirmed that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident.
The majority of these compromised records may contain the name and date of birth of certain UK consumers, but Equifax have stated that they will contact by post the 693,665 customers who had sensitive data exposed.
Since being made aware of the incident, a wide range of relevant UK government departments and agencies have worked together to protect British citizens who may have been affected by this data breach. The National Cyber Security Centre (NCSC), under the supervision of government ministers, has worked with the regulatory authorities, law enforcement and government partners to understand the impact to the UK and develop measures to support those affected and provide appropriate advice.
The UK’s independent financial and information regulators have played an integral part in this process and will announce their conclusions and any further actions in due course.
An NCSC spokesperson said:
“Equifax today confirmed that a file containing 15.2m UK records was attacked. The company say this included 693,665 people who could have had their data exposed, including email addresses, passwords and phone numbers.
“It is always a company’s responsibility to identify UK victims and Equifax will contact by post the holders of those affected accounts.
“NCSC has published updated advice on its website, following today’s announcement. The guidance is tailored specifically to this incident and advises members of the public on password re-use, avoiding related phishing emails and fraudulent phone calls, as well as giving information of how to report a cyber incident to Action Fraud.”
Originally published by Action Fraud
GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at http://www.gdprsummit.london/