Equifax has confirmed that a recent data breach exposed a file containing 15.2 million UK personal information records.
On 10 October 2017, the National Cyber Security Centre (NCSC) confirmed the Equifax data breach disclosed in September 2017 actually compromised 15.2 million UK records.
That’s considerably more than 400,000, the number of consumers living in the United Kingdom which Equifax originally thought had been affected by the security incident.
The credit bureau has confirmed the NCSC’s findings and revealed some additional details regarding the exposure. As quoted in a statement posted to its website:
“Today Equifax can confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. Regrettably this file contained data relating to actual consumers as well as sizeable test datasets, duplicates and spurious fields. Equifax has brought every analytical tool, technique and data asset it has available to bear in order to ‘fill in the blanks’ and establish actual consumer identities and attribute a current home address to them. This complete, we have been able to place consumers into specific risk categories and define the services to offer them in order to protect against those risks and send letters to offer them Equifax and third-party safeguards with instructions on how to get started. This work has enabled us to confirm that we will need to contact 693,665 consumers by post. Details are set out in the box below. The balance of the 14.5m records potentially compromised may contain the name and date of birth of certain UK consumers. Whilst this does not introduce any significant risk to these people Equifax is sorry that this data may have been accessed.”
Equifax said that it had not yet started notifying the affected UK consumers because it did not think it was “appropriate” as it was waiting until “the full forensics investigation was completed.” Given the mess Equifax has made in its attempts to respond to this breach, you would think the credit bureau would be itching to repair its reputation in the eyes of consumers everywhere.
Honestly, I’m not sure that reasoning does the trick.
While Equifax works to get its act together, UK citizens IN GENERAL should be wary of phishing messages and fraudulent calls that might try to leverage their data stored with Equifax to steal even more of their personal information.
Find out more about Equifax’s shambolic approach to its data breach, in this edition of the “Smashing Security” podcast:
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.