After 15 million people in the UK had their private details lost, Equifax (NYSE:EFX) has been fined £500,000.
Equifax is a US based consumer credit reporting agency. It collects the information of over 800 million individuals and over 88 million businesses globally.
Between 13 May and 30 July 2017, Equifax lost the personal information of roughly 145.5 million during a cyber attack. 15 million of these people were British.
Equifax’s systems used to handle the personal information were inadequate and ineffective, the Information Commissioner’s Office (ICO) found.
Additionally, the investigation also showed that the company’s systems had previously been warned of their “critical vulnerability”. The US Department of Homeland Security issued this warning just two months before the cyber attack.
A £500,000 fine has been issued to Equifax’s UK operation. This figure is the highest possible under the Data Protection Act 1998. But, had the data breach taken place under the new GDPR, the fine could have reached up to £17.7 million.
A spokesperson for Equifax has commented:
“Equifax has co-operated fully with the ICO throughout its investigation, and we are disappointed in the findings and the penalty.”
“Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents.”
“The criminal cyber attack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.”