The UK Financial Conduct Authority (FCA) has fined Equifax Ltd £11,164,400 for a security breach that exposed UK consumer’s information. The FCA says the security breach is one of the largest cybersecurity breaches in history.
The FCA notes that in 2017, hackers accessed the personal data of approximately 13.8 million UK consumers managed by Equifax. This included names, birthdates, telephone numbers and more information that placed consumers at risk of financial crimes and identity theft. The FCA says the hack was “entirely preventable,” and Equifax failed to provide appropriate oversight. The FCA adds that it took Equifax six weeks to discover the hack and then made multiple public statements that downplayed the accounts impacted.
Therese Chambers, Joint Executive Director of Enforcement and Market Oversight, explained that Equifax compounded the failure by mishandling their response to consumers, noting that financial firms hold information that is attractive to criminals.
“Cyber security and data protection are of growing importance to the security and stability of financial services,” said Jessica Rusu, FCA Chief Data, Information and Intelligence Officer. “Firms not only have a technical responsibility to ensure resiliency but also an ethical responsibility in the processing of consumer information. The Consumer Duty makes it clear that firms must raise their standards.”