Equifax Data Breach Hits 700,000 U.K. Customers

Consumer credit reporting agency Equifax was hit by a 'mega-breach' discovered in July 2017 which has hit 700,000 U.K. consumers.

Files containing a monumental 15.2 million U.K. data records between 2011 and 2016 were illegally accessed.

Hackers were able to steal information for months after technicians at Equifax Inc failed to apply vital security patches to known-vulnerabilities. Around 145 million U.S. customers were also hit by the data breach as well as the 700,000 U.K. victims.

Patricio Remon, European President of Equifax Ltd, expressed his "sincere personal apologies to anyone who has been impacted by this incident". As a financial reporting agency who collect and aggregate data for over 800 million individual consumers and 88 million businesses worldwide, Equifax are expected to uphold the highest standards when it comes to cybersecurity; yet hackers were able to break into their systems with relative ease off the back of a well-known and highly publicised security flaw.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

We Are With You
We vow to fight for the rights of victims whose private data has been exposed or misused.
Maximum Compensation
We pledge to make sure victims are always fairly compensated for what they have had to go through.
No Win No Fee
You benefit from our Genuine No Win, No Fee promise. Find out more here now.
Data Claim Experts
We have recovered over £1m for data breach victims since 2014 as leading pioneers in privacy claims law.

What Data Was Hacked In The Equifax Data Breach U.K?

This is a serious breach that should have been prevented. Share values reportedly dropped by 14% after news broke of the breach, and there are reports of suspicious share sales just before the scandal emerged in the news as well...

A wealth of data has been hacked - we're talking 15.2 million data records for almost 700,000 U.K. customers. This is a mega-breach that could easily go down in the history books.

Some 9,725 partially-redacted unique credit card numbers were accessed, as well as 29,188 driving license numbers. This is worrying news.

14,961 victims had their Equifax membership details like usernames, passwords, secret questions and answers, and partial credit card details exposed, with 637,430 phone numbers accessed and 12,086 email addresses associated with Equifax accounts hacked.

Combinations of the stolen data can easily arm scammers, fraudsters, and phishers with enough information to do serious harm. With the largest hacked file containing 14.5 million data records, the Equifax data breach UK is set to go down in history as one of the worst data hacks.

Who is affected by the Equifax data breach?

Following the Equifax data breach, they initially thought the hacked data was limited to the 145 million U.S. customers given the data was stolen from servers in America. However, they later admitted that around 300,000 U.K. customers were also affected, but this figure quickly grew to 400,000 in a press release in September.

In a letter to the FCA, Equifax eventually admitted the actual figure was more than double what they originally thought, having identified 693,665 U.K. customers affected.

Risks To Equifax Data Breach Victims

After the Equifax data breach in the UK, Equifax acknowledges there are victims at the "highest risk of identity theft" given the nature of the information stolen.

With such sensitive information from a credit reporting company being accessed for a prolonged period of time, there is a real risk of serious crimes being committed against Equifax data breach UK victims, such as:

  • Identify theft (we understand at least one person has already come forward and alleged)
  • Cold-call scams using information obtained from the hack
  • Email phishing scams using information obtained from the hack
  • Data held for ransom (we understand at least one person has already come forward and alleged)
  • Other financial fraud

As we often warn, even a little information can go a long way for a fraudster. With the wealth of highly sensitive financial and personal information stolen, victims of the UK Equifax data breach are at a real risk of serious financial crimes committed against them.

The .K.'s Financial Conduct Authority (FCA), who regulate the U.K. company Equifax Limited, said:

"Credit reference agency firms are subject to the high level principles of the FCA regulatory regime, which include requirements on treating customers fairly and on ensuring adequate risk management, systems and controls. They are also subject to relevant data protection legislation which is enforced by the Information Commissioner's Office (ICO)."

As We Often Warn Even A Little Information Can Go A Long Way For A Fraudster

With the wealth of highly sensitive financial and personal information stolen, victims of the UK Equifax data breach are at a real risk of serious financial crimes committed against them.

The U.K.'s Financial Conduct Authority (FCA), who regulate the U.K. company Equifax Limited, said:

"Credit reference agency firms are subject to the high level principles of the FCA regulatory regime, which include requirements on treating customers fairly and on ensuring adequate risk management, systems and controls. They are also subject to relevant data protection legislation which is enforced by the Information Commissioner's Office (ICO)."

How The Equifax Hack Happened

Suspicious activity was discovered by Equifax Limited's parent company, Equifax Inc, on 29 July 2017, and they hired cybersecurity firm ​Mandiant​ to investigate the concerns.

What they found was harrowing...

Equifax blamed the hack on a "combination of human error and technological error" after a technician failed to apply a security patch for the "CVE-2017-5638" vulnerability discovered in March 2017. On top of that, security scanners failed to detect the vulnerability remained.

It has since been discovered that hackers had access to the database between mid-May and the end of July - a period of around ten weeks where private and sensitive information was dangerously exposed.

In a letter to the U.K.'s Chair of the Treasury Committee, Equifax admitted the hack was caused by the "failure of Equifax Inc personnel to apply an upgrade to the Equifax Inc US consumer dispute portal in March 2017. The technological error involved a scanner which failed to detect the vulnerability on this particular portal after the upgrade should have been made".

In terms of how U.K. victims have been caught up in the Equifax data breach, it has been described as a "process error" that led to historic U.K. customers' information being retained in the U.S. after customer identity validation checks were carried out. This in itself may amount to a data breach, and we're investigating what right the U.K. arm of the company had to transfer U.K. customer information to the U.S. parent company, Equifax Inc.

Regulators Apply Pressure On Equifax

The U.K.'s Financial Conduct Authority (FCA) and Information Commissioners' Office (ICO) are working together to investigate the data breach, and have already raised concerns over how Equifax handled the discovery of the breach and the delay in warning authorities and consumers. Astonishingly, the U.K. regulators were only made aware of the breach via the media on 8th September 2017 because Equifax failed to warn them.

It's further understood that Equifax set up a bespoke "breach notification" website for customers to check if they were affected. However, internet security software deemed the site to be a potential "phishing site", creating further confusion and concern for victims involved.

But things got worse...

The site set up by Equifax, named "equifaxsecurity2017.com", was deemed by cybersecurity experts to be a risky move, and to prove a point, a researcher set up a website with a similar domain, named "securityequifax2017.com". His point was catastrophically proven when even the official Twitter account for Equifax inadvertently linked people to the wrong site; i.e. the dummy site set up by the researcher, resulting in further backlash from angered victims.

To press home the point, the fake webpage headline stated:

"Cybersecurity Incident & Important Consumer Information which is Totally Fake, why did Equifax use a domain that's so easily impersonated by phishing sites?"

With Equifax already acknowledging that the biggest risk to victims is phishing scams, the creation of the website has been heavily criticised. Their eventual move to notifying victims by post welcomed by regulators in efforts to prevent people falling victim to electronic phishing scams arising from the breach.

We're Taking On Equifax Data Breach Claims

Are you looking to claim for Equifax compensation in the UK? Our team is representing a number of people affected by the Equifax Data Breach. If you've been affected by the Equifax hack, contact us today for help and advice.

We're aware that Equifax are offering a "free comprehensive ID protection service" to some victims, which we find is a standard offer nowadays off the back of major data breaches. You may be entitled to financial compensation as a victim of the Equifax breach as well, especially if you've been targeted by fraudsters.

Our team are incredibly worried about the phishing scams and fraudulent activity that typically follows a breach of this nature. A number of TalkTalk hack victims were contacted by scammers who had enough information about their accounts to convince them they were calling from TalkTalk, and thousands of pounds were consequently stolen.

Can You Claim?

Equifax acknowledges that many victims risk "unwanted cold calling" like we saw after the TalkTalk hack. Whilst they say that any complaints will be "investigated fairly and promptly" with the aim to provide fair treatment to victims involved, we understand they're not looking at compensation for victims.

This is usual, and that's where we come in.

We're investigating the hack and we believe there is a case to answer for. Equifax has clearly failed to secure sensitive information, and we'll be taking issue with the data of U.K. victims being moved abroad.

We've already accepted cases and we may be able to help you too. Our team have years of experience at the forefront of data protection compensation, having helped victims of the infamous 56 Dean Street clinic leak as well as helping victims of well-known hacks similar to the Equifax Breach, such as the TalkTalk hack and the Three hack.

We Can Help

You have rights as a victim, and we may be able to help you claim for data leak compensation.

We're here to help, and if you would like free and confidential advice as an affected victim of the breach, please call us on 0800 634 7575 or send us a message by contacting us here.

The Importance
Of Our Work

Our work is extremely important. We all have a right to privacy; and our rights when it comes to how our personal data and information is used and handled is enshrined in law. But for too long now organisations have flouted their duties and people have become the victims of widespread scandals where personal information that is sensitive and confidential has been leaked to people who should never have seen it.

We help the victims to obtain the justice that they deserve.

No Win, No Fee

We can pursue your claim on a genuine No Win, No Fee agreement.

Fighting Your Corner

We can fight for your rights as a victim of a data breach, leak, hack, or where your information has been misused.

Leading Data Breach Experts

We are leading data compensation lawyers representing thousands of clients for claims.

Our Simple Claims Process

We offer free, no-obligation legal advice and No Win, No Fee legal representation – Start Your Claim Now!

If you have been the victim of a data breach from any private or public organisation, then we can help. Whether it's your employer, the NHS, the police, a local authority, or a website you use, we can help you claim the compensation you deserve.

Our clear and simple process:

Let's
Talk

You can speak to the team by phone, or message us with your enquiry now. You can arrange a call back for a time and date that suits you.

Assess
Your Case

We can usually assess your claim in a matter of minutes and get the case started without delay.

Start
Your Claim

We can quickly launch your claim for data breach compensation. Start your claim today.

Stay
Informed

As your claim moves forward we can keep you updated.

Your Lawyers - Leading Data Leak Lawyers

The Data Leak Lawyers have represented substantial cohorts of claimants in Group Litigation Order actions. Aside from our work in multi-party claims, we also represent considerable numbers of individual claimants that range from medical data leaks to council and social services data breaches.

Some of these cases are particulary sensitive. As a firm of lawyers who also take forward large numbers of complex and serious data protection breach compensation claims, we can offer a network of legal experts from our in-house staff to the Barristers we have close relations with, and indeed the lawyers and firms we work with around the world.

The combination of expertise in data compensation and mass consumer actions allows you the confidence to know that we are dedicated to the fight for justice.

Latest Posts

20/05/2022
Student data breaches compensation claims

Victims of student data breaches can be entitled to pursue claims for privacy compensation, and we can represent eligible claimants on a No Win, No Fee basis. Your Lawyers,...

Read More

Posted By Admin
18/05/2022
Email attachment data breaches claiming compensation

Victims affected by email attachment data breaches can be entitled to pursue a privacy compensation case on a No Win, No Fee basis now. As a leading firm of data breach sol...

Read More

Posted By Admin
17/05/2022
County council data breaches: claim compensation now

Victims of county council data breaches can be eligible to claim compensation for any distress caused by the loss of control of personal information, and eligible clients can ...

Read More

Posted By Admin

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon