US credit monitoring company Equifax, which was hit by the mother of all hacks recently when it lost the personal details of 143 million people, said up to 400,000 UK citizens may have been affected by the breach.
Apparently an investigation revealed that a file containing UK consumer information “may potentially have been accessed”.
The file contained:
- Dates of birth
- Email addresses
- Telephone numbers
However, it didn’t include postal addresses, passwords or financial information, says Equifax.
To offer reassurance Equifax UK said it didn’t expect UK citizens to become the victims of identity theft.
It added it would contact affected UK citizens in writing to offer advice and a free identity protection service to monitor their personal information and data.
Like the service offered by its US arm the free identity protection service is likely to be for one year only.
Equifax UK is keen to point out the UK customer file ‘may’ have been compromised as a result of a failure in process rather than lifted out of a database by hackers.
In plain English this means a file that should have been exclusively stored in the UK could also have ended up in the company’s US systems sometime between 2011 and 2016.
Specifically the company in a press release said: "This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016."
The only problem with this statement is that if UK customer data was stored up to 2016 only, how come it was still there this year (remember we’re in 2017) when the company was hacked?
Clearly, there is still a lack of clarity (and possibly honesty) from Equifax. By storing UK consumer data in the US it may well have been in breach of data regulations if this data was for marketing purposes. However, this is speculative.
To placate investors Equifax said in a statement: “The company announced that the Chief Information Officer and Chief Security Officer [David Webb and Susan Mauldin respectively] are retiring.”
To you and me this means they’ve been thrown to the wolves, probably along with some barbecue sauce to hasten the gobbling up process.
And no doubt as they were being unceremoniously tossed out of a metaphorical window the action was accompanied by fevered prayers that the ‘sacrifice’ will appease the markets.
But it may be too late. If you recall, three Equifax executives (including the chief financial officer) cashed in about $1.8 million in shares before the company announced it had lost the personal details of 143 million people.
It said that the directors had no knowledge of the huge data breach implying that hack had nothing to do with the sudden share fire sale. Wall Street was pretty upset to say the least and to say Equifax’s credibility has been undermined is an understatement.
But perhaps Equifax is one of those companies that is setting trends in the employee equality stakes. So when the chief security officer discovered that it had just become the victim of a monster hack she rushed to tell Dolores in the canteen and Eric in maintenance.
Why should the chief financial officer be told given the enormous financial and market implications? Best keep him out of the loop, huh?
Equifax may well have sown the seeds of its own ultimate demise.
Clearly, putting the words ‘integrity, honesty and Equifax’ in one sentence creates a powerful oxymoron for the corporate zeitgeist.
If you enjoy a bit of schadenfreude why not check out Equifax’s web page
on the importance of data security. Bet you can’t help but chuckle.
You might think it’s unfair to point a sharp finger at Equifax. But keep in mind this is a company that takes your data, tracks your financial payments and uses it to make decisions about your integrity – and all without your consent.
This is how it sells itself and rather than doing it all it can to protect the data it holds on you because its loss could potentially ruin your life, or at the least cause serious damage, it manages to lose this information apparently because it didn’t apply a patch to some open source web application software.
Unfortunately, this lax approach to locking down customer data is all too common in the corporate world. It appears as if corporate irresponsibility and incompetence are acceptable as long as the profits keep rolling in.
There’s a striking lesson in the Equifax hack. You can’t trust the corporate world to protect your data. We’ve seen it time and time again. It’s up to us as individuals to safeguard our own personal data