The Financial Conduct Authority (FCA), Britain’s financial regulatory body, announced on Friday that it has fined Equifax Ltd £11 million ($13.4 million) for its involvement in a significant cybersecurity breach, characterized as “one of the largest” in history.
In 2017, Equifax’s parent company, based in the United States, experienced a colossal cybersecurity breach, compromising the personal information of as many as 147.9 million U.S. consumers. The breach also allowed hackers to access the personal data of approximately 13.8 million UK consumers, because that data was stored on servers located in the United States.
Equifax Ltd had outsourced sensitive data, including names, dates of birth, Equifax membership login credentials, partially exposed credit card details, and addresses, leaving this information vulnerable to cyber-attacks.
“The cyberattack and unauthorized access to data were entirely preventable,” stated the FCA, emphasizing that this breach exposed UK consumers to a heightened risk of financial crime.
Equifax responded to the fine, noting that it had cooperated fully with the FCA throughout the lengthy investigation, according to a Reuters news report. Patricio Remon, President for Europe at Equifax, highlighted the company’s substantial investments in security and technology transformation, totaling over $1.5 billion since the cyberattack six years ago.
However, the FCA criticized Equifax for failing to promptly detect the unauthorized access to consumer data, noting known security weaknesses in Equifax Inc.’s systems. The UK arm of Equifax only became aware of the breach six weeks after the parent company’s discovery.
The fine imposed on Equifax was reduced following the company’s agreement to cooperate closely with the FCA in resolving the matter. Despite the fine, Equifax remains committed to fortifying data security measures and protecting consumers’ information.