fbpx

Equifax Data Breach Claim

Up to 15 million people in the UK could have had their details breached. Are you one of them? If so, our group action can help.

Get justice for the Equifax data breach

In 2017, poor security processes at Equifax led to a huge data breach. The ICO has fined Equifax £500,000, and people who have been affected by the breach can register to make a data breach claim.

But Equifax still hasn’t informed everyone who had their data privacy rights violated.

Keller Lenkner UK has launched a group action against Equifax. Group actions can be a powerful tool and can have a bigger impact than a single claim.

IF YOU HAVE BEEN AFFECTED BY THE EQUIFAX DATA BREACH, WE CAN HELP YOU MAKE A NO-WIN, NO-FEE CLAIM FOR COMPENSATION. 

Why claim data breach compensation?

Hold Equifax to account for failing to protect your private information.

Receive financial compensation for your losses.

Force organisations to implement better data security.

Not sure if your information was included in the Equifax data breach?

Equifax knows exactly who was impacted by this breach. But you have to ask Equifax if you were involved. This is called making a Subject Access Request (SAR).  To keep the process straightforward, Keller Lenkner Data Breach Solicitors can make a SAR on your behalf.

JOIN THE KELLER LENKNER UK DATA BREACH GROUP ACTION TO GET THE JUSTICE YOU DESERVE.

Talk to our expert data breach lawyers today on 0151 459 5850

Equifax Data Breach Timeline

  • May to July 2017
    Hackers carried out an attack on Equifax’s servers and gained access to the personal information of millions of people.
  • 29th July 2017
    Equifax discovered evidence of the cybercrime.
  • 7th September 2017
    Equifax publicly admitted to the data breach and said it affected 143 million people. The first US class action was filed against Equifax.
  • 8th September 2017
    Equifax notified the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO) that some data relating to UK consumers may have been impacted by the cyber-attack.
  • 15th September 2017
    Equifax said that approximately 400,000 UK consumers had a combination of their name, date of birth, phone number and email address accessed in the cyber-attack.
  • 2nd October 2017
    Equifax released information which showed that an additional 27,000 UK consumers were thought to be affected.
  • 10th October 2017
    Equifax issued a press release with a revised number of 693,665 UK consumers.
  • 13th October 2017
    Equifax began posting letters to UK consumers alerting them to the data breach.
  • 20th September 2018
    The ICO issued Equifax Ltd with a £500,000 fine. According to the ICO, 15 million people may have been affected in the UK.
  • 22nd July 2019
    Equifax reached a $1.4 billion data breach settlement in a US-based consumer class action. $400 million will go towards compensating victims.

Latest News

WHAT IS A GROUP ACTION?

 

Find out more about making a group action claim for compensation against Equifax.

WHAT DOES NO-WIN, NO-FEE MEAN?

 

What does no-win, no-fee actually mean and are there really no costs if you appoint us?

Why use Keller Lenkner UK to make a claim?

We are one of the most experienced multi-claimant law firms in the UK.

Our GDPR, data breach and cybercrime specialists have a combined experience of over 50 years.

We represent clients in group actions and individual cases with innovation, resources, and expertise.

We work with expert barristers to ensure you get the very best level of legal support available.

We have all the resources and global expertise necessary to take on complicated cases and win.

We have offices in Chancery Lane, London and Liverpool City Centre, and the technology to provide a nationwide service.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.

JOIN OUR NO-WIN, NO-FEE EQUIFAX GROUP ACTION

Your questions answered

See our answers to the FAQs we get asked about the Equifax Data Breach.

FAQs about the Equifax data breach

The Equifax data breach happened when hackers gained access to the private details of 146 million people in the US.  While Equifax said that its systems in the UK were not affected, it did admit that a file stored in the US may have been accessed. As such, up to 15 million UK individuals could have had their details breached.

The data included names, address, dates of birth, and credit card numbers. Some driving licence numbers and some email addresses were also included in the breach. Also, for some individuals, their Equifax credit services account info may have been exposed. In addition to the above data, this means that their username, password, secret question and answer could be breached. Some credit card payment amounts could also have been compromised.

The Equifax data breach was announced in September 2017. The sensitivity of the personal information held by Equifax makes this breach one of the most severe breaches reported to date.

To join our claim against Equifax, you need evidence that your personal information was involved in the data breach.

Equifax wrote to 693,665 UK customers confirming that they had their data breached. Equifax also wrote to a further 167,431 UK consumers whose landline telephone numbers were already published in the public Phone Book. If you are one of the people who have received such a letter, you can claim for Equifax data breach compensation.

However, many victims will not have received a letter from Equifax. And, even if you never used Equifax directly, your data could be compromised if you applied for a loan, mortgage, etc. (if the provider used Equifax to check your credit score).

If you have not received confirmation about your involvement (or of you have lost this evidence), but suspect your information was breached, you can ask Equifax if you were put at risk. This is called making a subject access request (SAR).

In the UK, you can ask any organisation if your data was involved in a breach and a copy of this information should be provided free of charge. This is a legal right, and you can complain to the ICO if Equifax does not provide the information.

To keep the process straightforward, Keller Lenkner Data Breach Solicitors can make a SAR on your behalf.

Once we have established whether you were involved in the Equifax data breach, we will ask you for:

  • Evidence of any financial losses, distress, and/or inconvenience you have suffered because of the data breach. For example:
    • Bank statements
    • Correspondence (letters, emails, etc.) with banks, credit card providers, credit reference agencies, etc.
    • Credit score reports (with dates of any dips)
    • Details about medical appointments/prescriptions that relate to this data breach (e.g. due to distress/stress)
    • Evidence of any fraudulent transactions, fraud attempts, alerts, cancelled cards that relate specifically to the card details breached
    • Evidence of increased spam
  • Anything else that may be relevant to support your claim.

Yes. if you used an Equifax security product between 2015 and 2017 your data could be at risk. But even if you never used Equifax directly, your data could be compromised if you applied for a loan, mortgage, etc. (if the provider used Equifax to check your credit score).

No. Equifax will pay over $400 million to compensate victims in the US, but this does not go to victims in the UK. We believe that UK consumers deserve compensation too.

In 2018, the ICO issued Equifax Ltd with a £500,000 fine for failing to protect personal data. However, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation, so this money will not be given to victims of the breach. The only way to get Equifax data breach compensation is to make a claim.

While Equifax was the victim of a cyber-attack, it is the one who controlled your personal information. Poor security processes allowed the breach to happen, so Equifax is responsible.

The Information Commissioner’s Office (ICO) investigation revealed multiple security failures at the credit reference agency. In response, Equifax was fined £500,000. However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

Register via our online form for further advice about what to do. We will keep your details (securely of course!) and, now Equifax has been fined, start your claim for compensation.

Unfortunately yes, cybercriminals could use the details stolen in the Equifax data breach to commit further harm (e.g. in phishing attempts). Because of this breach, many people have already experienced theft, fraud, and emotional distress.

The ICO investigators discovered that almost 15 million people in the UK had their names and dates of birth stolen. This included:

  • 9,993 UK data subjects had names, dates of birth, telephone numbers and driving licence numbers exposed.
  • 637,430 UK data subjects had names, dates of birth and telephone numbers exposed.

More significantly, the ICO also discovered another data set (the GSC data set) which included 27,047 UK individuals. In this data set, the compromised information was account information for Equifax’s credit services. Of this group, 12,086 people had their email addresses compromised and 14,961 individuals had portions of their Equifax.co.uk membership details such as username, address, date of birth, plain text password, secret questions and answers, and partial credit card details accessed.

The ICO investigation, carried out in parallel with the Financial Conduct Authority, concluded that there had been multiple failures at the credit reference agency. For example,

  • Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data.
  • Measures which should have been in place to manage the personal data were found to be inadequate and ineffective.
  • There were significant problems with data retention meaning personal information was being retained for longer than necessary and vulnerable to unauthorised access.
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken meaning a consumer-facing portal was not appropriately patched.

You can read the ICO’s findings in full here.

Following the data breach, Equifax sent a letter to those affected, informing them that their data was put at risk. Everyone who has received this letter can claim compensation.

However, since the hack was first uncovered, Equifax has admitted that far more people were put at risk than first thought. If you are in any way concerned, contact us and let us know. We will check if you have had your data breached. Once we have established that your data has been violated, we can start the claims procedure on your behalf.

 

Yes, it does not matter if there is no evidence that the data stolen has been used to carry out identity theft or fraud. If your privacy rights have been breached the law agrees that you are entitled to compensation.

After finding a series of data protection failures at the company, the ICO imposed a penalty of £500,000 on Equifax. However, while it has the potential to issue fines, the regulator does not give any of this money to the victims of the data breach.

We cannot say for sure, but we believe that we have a strong case. Especially as the ICO has already found Equifax guilty of failing to put appropriate security measures in place to prevent a cyber-attack. In the US, Equifax will pay $4oo million to compensate affected consumers in a similar action.

We cannot say that you will definitely get compensation, but Equifax has already been found to have breached people’s data and needs to be held responsible by compensating for any losses, distress and inconvenience caused. In the US, Equifax will pay $400 million to compensate affected consumers in a similar action.

To make the strongest possible claim on your behalf, we always ask for evidence to support your claim. We will ask for this whether or not you have a letter from Equifax. This could include things like:

  • Evidence that you have received a letter from Equifax saying your details have been affected (where you have this)
  • Evidence of any financial losses, distress, and/or inconvenience you have suffered as a result of the data breach. For example:
    • Bank statements
    • Correspondence (letters, emails, etc.) with banks, credit card providers, credit reference agencies, etc.
    • Credit score reports (with dates of any dips)
    • Details about medical appointments/prescriptions that relate to this data breach (e.g. due to distress/stress
  • Evidence of any fraudulent transactions, fraud attempts, alerts, cancelled cards that relate specifically to the card details breached
  • Evidence of increased spam
  • Anything else that may be relevant to support your claim.

We would also seek confirmation that, as far as you are aware, your information was not put at risk by another data breach.

To join our Equifax data breach group action compensation claim you need to register with us. It is vital to sign up ASAP to ensure you do not miss out.

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.

Distress

GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.
 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.

JOIN OUR NO-WIN, NO-FEE EQUIFAX GROUP ACTION