Equifax admits 15.2m UK customers affected by cyber hack

Credit checking agency Equifax said that 15.2m people in the UK had their records stolen in a major cyber attack it originally reported last month at half that size, which has drawn the ire of parliament's influential Treasury Committee.

The US company said on Tuesday that sensitive information on nearly 700,000 individuals was among the records stolen in the massive data hack and that details on millions more people could be compromised, having said in September that 400,000 UK people were affected.

In one of the biggest data breaches in US history, Equifax originally reported that cyber criminals between mid-May and late July had accessed the personal information on roughly 145.5m people, mostly in America, including social security numbers, birth dates and addresses.

At the time, Equifax UK said its dedicated UK systems were not affected by the security breach at the US parent firm.

But on Tuesday the firm pledged to send letters offering assistance to the 693,665 UK consumers affected.

Patricio Remon, president of European operations, said: “Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act. Let me take this opportunity to emphasize that protecting the data of our consumers and clients is always our top priority.”

Noting that Equifax’s UK business is authorised by the Financial Conduct Authority, Nicky Morgan MP, chair of the Treasury Committee, wrote to Remon asking for further details about the scale of the breach and what compensation it will provide.

She also wrote to FCA boss Andrew Bailey for his assessment of Equifax’s response to the incident, and whether the FCA is considering further action.

“Equifax has taken too long to notify those affected by its widespread cyber-security breach," she said, suggesting this has increased the risk that they fall victim to identity theft and fraud.

"It is particularly concerning that the breach occurred in a business that sells identity protection services, and is looking to take advantage of the commercial opportunities afforded by data sharing initiatives, such as Open Banking.

“Mr Remon has said that the immediate focus of Equifax is to ‘support those affected by this incident’. The Treasury Committee will hold him to these words, and will consider taking public evidence from Equifax, particularly if it does not receive a full and timely response to these questions.”

It emerged in September that three Equifax senior executives sold almost $1.8m in shares in the days after the hack was discovered which could have compromised the data of 143m American customers, though the company claimed the three did not know about the incident at the time of selling.

In Washington, dozens of senators called for a federal investigation into the stock sales, while a number of law firms and legal advice organisations were encouraging consumers to join class action lawsuits against the company, or start their own legal action in local small claims courts.

The scandal has had wider implications on the wider US credit reporting industry too, with Transunion shares taking a hit on Wall Street and Experian shares knocked in London too.