Equifax, the credit rating agency, suffered a cyber breach in May 2017 and today they have confirmed that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident.
The majority of these compromised records may contain the name and date of birth of certain UK consumers, but Equifax have stated that they will contact by post the 693,665 customers who had sensitive data exposed.
Since being made aware of the incident, a wide range of relevant UK government departments and agencies have worked together to protect British citizens, and those covered by UK law, who may have been affected by this data breach. The National Cyber Security Centre (NCSC), under the supervision of government ministers, has worked with the regulatory authorities, law enforcement and government partners to understand the impact to the UK and develop measures to support those affected and provide appropriate advice.
The UK’s independent financial and information regulators have played an integral part in this process and will announce their conclusions and any further actions in due course.
An NCSC spokesperson said:
“Equifax today confirmed that a file containing 15.2m UK records was attacked. The company say this included 693,665 people who could have had their data exposed, including email addresses, passwords and phone numbers.
“It is always a company’s responsibility to identify UK victims and Equifax will contact by post the holders of those affected accounts.
“NCSC has published updated advice on its website, following today’s announcement. The guidance is tailored specifically to this incident and advises members of the public on password re-use, avoiding related phishing emails and fraudulent phone calls, as well as giving information of how to report a cyber incident to Action Fraud.”
- The NCSC advice and guidance can be seen on the NCSC website. It recommends that passwords are never re-used across important accounts and also setting up Two-Factor Authentication (also called Two-Step Verification) in the security settings
- The Equifax statement can be seen here. It details that the data exposed in the 693,665 records includes Equifax membership details such as username, password, secret questions and answers and partial credit card details from 2014.
- Members of the public can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.