Equifax fined by ICO over data breach that hit Brits

[ItsMitch]

S: BBC

 

Equifax has been fined by the UK's Information Commissioner's Office in regards to it's breach a year ago which impacted 700'000 brits and a further 14 million brits had names and DoB's leaked to the hackers. Equifax was very lucky that this breach happened outside of the scope of the GDPR so the UK had to investigate them under the UK Data Protection Act of 1998 which had a maximum fine of £500'000. Equifax was informed by the US Homeland and Security of critical flaws in their software but failed to act accordingly

Quote

The ICO, which joined forces with the Financial Conduct Authority to investigate the breach, found that it affected three distinct groups in the following ways:

• 19,993 UK data subjects had names, dates of birth, telephone numbers and driving licence numbers exposed
• 637,430 UK data subjects had names, dates of birth and telephone numbers exposed
• Up to 15 million UK data subjects had names and dates of birth exposed

An Equifax spokesperson said the firm was "disappointed in the findings and the penalty" 

 

Because the breach happened before the launch of the EU's General Data Protection Regulation (GDPR) in May this year, the investigation took place under the UK's Data Protection Act 1998 instead.

 

And the fine of £500,000 is the highest possible under that law.

 

"The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce," said information commissioner Elizabeth Denham.

I find it funny that they find the fine was "Disappointing" considering they're incredibly lucky this happened outside the scope of GDPR

[Mihle]

Fine was way to low sadly

[ItsMitch]

Just now, Mihle said:

Fine was way to low sadly

I know, but it happened before the GDPR took place and ICO has to abide by the rules Shame Equifax didn't abide by the same rules. 

[Brooksie359]

Wait they new about the security flaws? Why are these people allowed to have people's personal information in the first place is beyond me. 

[ItsMitch]

3 minutes ago, Brooksie359 said:

Wait they new about the security flaws? Why are these people allowed to have people's personal information in the first place is beyond me. 

It seems so. 

Quote

 

Equifax had also been warned about a critical vulnerability in its systems by the US Department of Homeland Security in March 2017, the ICO revealed.

And appropriate steps to fix the vulnerability were not taken, according to the ICO.

 

 

[Castdeath97]

6 hours ago, Brooksie359 said:

Wait they new about the security flaws? Why are these people allowed to have people's personal information in the first place is beyond me. 

Relevant