Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack, however 400,000 UK people were affected due to a “process failure.”
The credit reference agency is saying that UK dedicated systems were not affected by the security breach at its US parent firm that exposed the personal details of millions of consumers.
Equifax Ltd and TDX Group systems and platforms are “entirely separated from those impacted by the Equifax Inc cybersecurity incident,” it said.
As part of its investigation, Equifax has identified unauthorised access to limited personal information for certain UK consumers:
Regrettably, the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.The information was restricted to: Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information or financial data.
Having concluded the initial assessment, Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.
Equifax plans to contact Brits affected by the breach to advise them and give them access to a free comprehensive identity protection service which will allow them to monitor their personal data, including their credit information, and be alerted to any potential signs of fraudulent activity.
The service will also incorporate web and social media monitoring, alerting the consumer to any publicly available information about them.
Patricio Remon, Europe president at Equifax Ltd, said: “We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”
The compromised UK consumer data does not relate to any single Equifax business client or institution, the firm added.
The Equifax investigation is ongoing. The firm said it’s in dialogue with the Financial Conduct Authority and Information Commissioner’s Office.
Equifax UK’s statement came late on Friday, after normal business hours, following days of stonewalling customer queries.