What was so bad about the Equifax data breach?

Equifax Data Breach Claim

In 2017, cybercriminals hacked Equifax’s systems and accessed private personal data. At the time, it was thought that 40,000 Brits could be affected by the breach. But, following an investigation, that figure increased to a staggering 15 million.

This increase is because many companies use Equifax to decide whether to issue mortgages, loans, store cards, credit cards, etc. So, it holds a wealth of information on individuals, even if they are not Equifax customers. Worldwide, 147 million people had their personal information exposed in the privacy violation, labelled “the biggest security disaster of the 21st century”. 

Equifax compensated victims in the US

Following the breach, Equifax agreed to pay $380.5 million to settle a class action against it. This money was part of a larger $700 million fund Equifax agreed to pay in 2019 to settle claims by consumers and government agencies. So why is Equifax still refusing to compensate people in the UK?  

Equifax has been found guilty of data protection failures by the UK regulator

The Information Commissioner’s Office (ICO) investigation revealed multiple security failures at the credit reference agency. For example:  

  • Equifax contravened five out of eight principles of the Data Protection Act 1998, including failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data.
  • Measures that should have been in place to manage the personal data were inadequate and ineffective.
  • There were significant problems with data retention, meaning personal information was being retained for longer than necessary and was vulnerable to unauthorised access.
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken, meaning a consumer-facing portal was not appropriately patched.

In response, the ICO fined Equifax £500,000. However, this money goes to HM Treasury, not victims. Furthermore, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR). The £500,000 fine was the maximum allowed under the previous legislation. So Equifax got off lightly. 

Equifax still hasn’t told everyone who has been affected by this breach

It is well established that, following a data breach, criminals often use stolen data to carry out phishing and other forms of scams against those affected. Because of this breach, many people have already experienced theft, fraud, and emotional distress.  

But Equifax still hasn’t notified everyone who was affected by this cyberattack. Without knowing that their data was involved, and exactly what data was exposed, it is impossible for victims of this breach to take steps to protect themselves. This is a shocking data protection failure.  

A whole range of information was stolen

Almost 10,000 people in the UK had their names, dates of birth, telephone numbers and driving licence numbers exposed in this breach. And over 600,000 had their names, dates of birth and telephone numbers exposed. 

More significantly, almost 30,000 people in the UK had their Equifax account information accessed. Of this group, almost 15,000 had portions of their Equifax.co.uk membership details such as username, address, date of birth, plain text password, secret questions and answers, and partial credit card details accessed. 

Signs that criminals have used your data following the Equifax data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Is Equifax trying to evade accountability?

Equifax failed to come clean straight away about the scale of the breach. And to make matters worse, a former Equifax executive also sold his shares in the company before the news of the hack went public. Earning roughly $1 million in the process, the executive was set to profit at the expense of millions of customers. He has since been charged with insider trading, but his actions reflect a disdain for consumer data protection that is all too common. 

What should you do now?

Equifax sent a letter to a small percentage of those affected following the data breach, informing them that their data was put at risk. Everyone who has received this letter can claim compensation. 

However, Equifax has admitted that far more people were put at risk than first thought. If you think your data might have been compromised, contact us and let us know. We will check if you have had your data breached by Equifax and, once established, start a compensation claim on your behalf.

While each case is different, we expect to claim £1,000 to £2,500 per person. We also provide no-win, no-fee funding arrangements, so you don’t have to pay us a penny if we don’t win your case.  

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the Equifax data breach.
