Equifax says nearly 700,000 UK consumers impacted by breach

by Morgan Chalfant - 10/10/17 2:45 PM ET

Equifax revealed on Tuesday that hackers accessed information on nearly 700,000 British consumers in a breach earlier this year, significantly more than initially believed.

The credit reporting firm said in a statement that hackers accessed a file containing 15.2 million United Kingdom records from between 2011 and 2016. Equifax analyzed the data, concluding that information on a total of 693,665 U.K. consumers was impacted.

{mosads}

Initially, the company said that information on potentially 400,000 U.K. consumers had been accessed.

Hackers accessed information including account details like usernames and passwords, as well as partial credit card information.

Equifax first disclosed the breach on Sept. 7, revealing that hackers exploited a vulnerability in a U.S. website application. The company initially said that 143 million U.S. consumers had their Social Security numbers, birth dates and other personal information accessed, raising that estimate to 145.5 million last week.

The breach also impacted some British and Canadian consumers. Equifax said last month that as many as 100,000 Canadians had been affected by the breach.

The company said it has now started notifying impacted U.K. consumers.

“I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act,” Equifax’s President for Europe Patricio Remon said in a statement Tuesday.

“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed,” Remon said.

Britain’s National Cyber Security Centre (NCSC) released a separate statement on the latest disclosure, warning British consumers that they could be targeted by phishing attacks if their information was compromised in the breach.

The NCSC along with Britain’s National Crime Agency, Financial Conduct Authority and other government entities are investigating the Equifax breach and plan to offer future updates if necessary.

“We are aware that Equifax was the victim of a criminal cyber attack in May 2017. Equifax have today updated their guidance to confirm that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident,” an NCSC spokesman said in a statement.

“NCSC advises that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed.”

Hackers breached Equifax’s system in May and maintained access to the information for more than a month until the company discovered the suspicious activity at the end of July.

The incident sparked mass scrutiny of Equifax, and several executives, including the company’s CEO, have resigned.

Last week, lawmakers in Washington grilled ex-CEO Richard Smith on the circumstances surrounding the breach.