Serious Equifax security breach fined £11.1m

The Financial Conduct Authority (FCA) has fined Equifax, a major credit checking agency, £11,164,400 for a serious cybersecurity breach. The company failed to properly manage and monitor the security of UK consumer data, which it had outsourced to its US-based parent company. This failure allowed hackers to access millions of British consumers' personal data.

Equifax Inc cybersecurity breach in 2017

In 2017, Equifax Inc, the parent company of Equifax, was the victim of one of the largest cybersecurity breaches in history. Cybercriminals gained access to personal data of approximately 13.8 million UK consumers by exploiting data outsourcing to Equifax Inc's servers in the United States. The Financial Conduct Authority stressed that this cyber attack was entirely preventable.

Equifax accused of lack of oversight on outsourced information

The FCA highlighted that Equifax did not consider the relationship with the parent company to be an outsourcing and therefore did not provide adequate oversight over the management and protection of the data submitted. The cybersecurity breach not only compromised consumer safety, but was exacerbated by Equifax's mishandling of the incident response. This possible worsening of the situation contributed to the significant amount of the fine imposed.

The responsibility of financial companies to protect customer data

According to Therese Chambers, Joint Executive Director of Enforcement and Market Oversight at the FCA, financial firms are required to ensure the security of customer data, which is a prime target for cyber criminals. Equifax has clearly failed to keep British consumers' data safe. The cybersecurity breach and Equifax's failure to adequately respond highlights the importance of properly managing and protecting personal data, especially in the financial space.