400,000 UK consumers at risk after the Equifax data breach

About 400,000 Britons may have had their information stolen following the Equifax data breach, the news was reported by the UK division of the company.

More details are emerging from the recent Equifax data breach that impacted approximately 143 million U.S. consumers. The attackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company did not update its systems, a thesis that was also reported by an Apache spokeswoman to the Reuters agency.

Now the UK division of the credit reference agency has revealed that 400,000 UK people were affected due to a “process failure,” but the systems of the company in the UK were not affected.

The platforms used by Equifax Ltd and TDX Group are “entirely separated from those impacted by the Equifax Inc cybersecurity incident.”

Unfortunately, the investigation revealed that there was unauthorised access to limited personal information for certain UK consumers, but hackers did not access financial data or credentials.

“Regrettably, the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.The information was restricted to: Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information or financial data.” reads the Equifax UK.

“Having concluded the initial assessment, Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.”

According to the company, the UK consumer data that may have been stolen does not include “any single Equifax business clients or institution.”

The Information Commissioner’s Office (ICO) ordered Equifax to alert British customers following the incident.

“Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern. We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised,” ICO deputy commissioner James Dipple-Johnstone said.

“We will be advising Equifax to alert affected UK customers at the earliest opportunity. In cyber-attack cases that cross borders the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”

Equifax will notify the affected UK customers offering them an identity protection service for free.

The service will monitor any suspicious activity about possible misuses of victim’s data, including monitoring of web and social media information.

“We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.” said Patricio Remon, Europe president at Equifax Ltd.

The company is still investigating the incident.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Equifax data breach, cybercrime)

[adrotate banner=”12″]

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.