In September 2018, the UK’s data protection watchdog – the Information Commissioner’s Office (ICO) – issued Equifax Ltd with a £500,000 fine.
The fine came after a series of security flaws at Equifax allowed hackers to access the personal details of millions of people in the UK and US. According to the ICO, 15 million people may have been affected in the UK.
The ICO’s investigation was carried out under older data protection law, rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.
Furthermore, while fines are an essential step in ensuring big businesses like Equifax do more to uphold their data protection obligations, they do little to help those already affected by a breach. As such, anyone who has suffered as a result of the Equifax cyber-attack may seek to claim compensation.
In this short guide, our data protection lawyers have set out everything you need to know about making a claim against Equifax.
Who can make a data breach compensation claim against Equifax?
Following the data breach, Equifax sent a letter to those affected, informing them that their data was at risk. The information exposed included email addresses, passwords, driving license numbers and phone numbers.
However, Equifax has since admitted that far more people were put at risk than initially thought. In total, the breach has impacted:
- 9,993 UK data subjects who had their names, dates of birth, telephone numbers and driving licence numbers exposed
- 637,430 UK data subjects who had their names, dates of birth and telephone numbers exposed
- Up to 15 million UK data subjects who had their names and dates of birth exposed.
The ICO also discovered another data set (the GSC data set) which included 27,047 UK individuals. In this data set, the compromised information was account information for Equifax’s credit services. Of this group, 12,086 people had their email addresses compromised, and 14,961 individuals had portions of their Equifax.co.uk membership details such as username, address, date of birth, plain text password, secret questions and answers, and partial credit card details accessed.
Furthermore, Equifax is a credit reference agency. When you apply for a loan, mortgage, credit card or mobile phone, the company you are requesting credit from might use Equifax to check your credit report and decide whether to approve your application. So, even if you are not an Equifax customer, they could hold your data, and this could now be at risk.
If you have ever received correspondence from Equifax stating that you may have been affected by this breach, and you have suffered distress and/or inconvenience as a result, then get in contact with us so that we may review your case.
Crucially, it does not matter if you have not lost out financially because of the Equifax hack. Being the victim of a data breach can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, the law agrees that you are entitled to compensation.
What did the ICO investigation find?
The ICO investigation, carried out in parallel with the Financial Conduct Authority, concluded that there had been multiple failures at the credit reference agency.
- Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data.
- Measures which should have been in place to manage the personal data were found to be inadequate and ineffective.
- There were significant problems with data retention meaning personal information was being retained for longer than necessary and vulnerable to unauthorised access.
- The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken, meaning a consumer-facing portal was not appropriately patched.
Why should you join a group action case?
Starting a claim can be daunting, and it is not unusual for people who have perfectly valid complaints to be put off due to the risks of going up against a large and well-resourced defendant. A group action allows people with the same type of claim to bring it together on a collective basis, so they are a powerful tool when it comes to redressing the power balance between large organisations and claimants.
How much does it cost to join the Equifax group action?
How much compensation can you expect following the Equifax data breach?
We cannot say that you will definitely get compensation, or at what level should it be awarded. On reviewing your case, we will give you a realistic idea of what you might expect to receive.
What should you do now?
Register to become part of our Equifax group action and keep a diary or note of events since the hack. This will help us with your case.
- has your card been used without permission?
- are there transactions that your bank has picked up that you have not made?
- are you getting more spam or junk email with your name on it?
- are you anxious or worried by the thought of people being able to access your data?
Why use Keller Lenkner UK?
With one of the most experienced multi-claimant legal teams in England and Wales and some of the most skilled data breach lawyers, we have everything it takes to win.
Contact Keller Lenkner UK for a free assessment of your case.