Five myths about the Equifax data breach

Female Lawyer talking to a clients around a conference table
Share on facebook
Share on twitter
Share on linkedin

In 2017, poor security processes at Equifax led to a huge data breach. Up to 15 million people in the UK could have had their privacy violated. But there are some misapprehensions about the Equifax data breach.

Myth 1. Equifax informed everyone who had their data compromised in the breach

Equifax wrote to 693,665 UK customers confirming that they had their data breached. Equifax also wrote to a further 167,431 affected UK consumers whose landline telephone numbers were already published in the public Phone Book.

However, this breach happened before the introduction of the General Data Protection Regulation (GDPR), when there were far less stringent rules about notifying those involved. So, many victims will not have received a letter from Equifax.

If you have not received confirmation about your involvement, but you suspect Equifax breached your information, Keller Lenkner UK can find this out for you.

1 in 4 UK adults are likely to be affected by the Equifax data breach. Find out if you are one of them

Myth 2. Only people who signed up to Equifax were affected

If you used an Equifax security product between 2015 and 2017 – for example, a credit monitoring service – your data could be at risk. But even if you never used Equifax directly, your privacy could have been violated.

If you applied for a loan, mortgage, etc. during the data breach period and the financial provider used Equifax to check your credit score, your details could have been compromised.

Myth 3. Equifax was only fined £500,000, so the breach wasn’t that bad

In 2018, the Information Commissioner’s Office (ICO) fined Equifax £500,000 for the data breach, which is a small amount compared to other penalties. For example, in 2020, British Airways was fined £20 million for a large customer data breach.

However, as the Equifax data breach took place before the GDPR, the £500,000 fine was the maximum allowed under the previous legislation. The truth is that the ICO investigation revealed multiple security failures at the credit reference agency. So it could be argued that Equifax got off lightly.

Myth 4. Everyone had the same data stolen in the privacy violation

ICO investigators discovered that almost 15 million people in the UK had their names and dates of birth stolen. This included:

  • 9,993 people who had their names, dates of birth, telephone numbers and driving licence numbers exposed.
  • 637,430 people who had their names, dates of birth and telephone numbers exposed.

The ICO also discovered another data set (the GSC data set) which included 27,047 UK individuals. These people had their Equifax account details breached. Of this group, 12,086 people had their email addresses compromised and 14,961 had portions of their Equifax.co.uk membership details such as username, address, date of birth, plain text password, secret questions and answers, and partial credit card details accessed.

Myth 5. Equifax was not responsible for the breach

While Equifax was the victim of a cyber-attack, it is the one who controlled your personal information. Poor security processes allowed the breach to happen, so Equifax is responsible.

To join our Equifax data breach group action compensation claim you need to register with us. It is vital to sign up ASAP to ensure you do not miss out.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the Equifax data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin