Equifax £multi-Million US Fine Entirely preventable

It was announced this week that the credit score giant faces a fine of $700 million (£561 million) following its 2017 data breach – a hefty penalty that could have been avoided.

Reports have stated that Equifax was warned in March 2017 that one of its databases was vulnerable to hackers. It acted quickly ordering a patch to be put in place within 48 hours but critically, did not check this had been implemented leaving the personal – and unencrypted – data open to hackers for several months.

Kingsley Hayes, Managing Director at Data Breach and  Cyber Security specialist Hayes Connor Solicitors, said:

“It appears that Equifax acted responsibility, and swiftly, when it was made aware of the problem however, human error has led to costly repercussions.

“In the months following the alert, multiple hackers were able to access personal data including names, addresses, dates of birth and credit card details. Although the hacks took place targeting one of its American databases, Equifax identified that the personal details of some 400,000 UK individuals had also been exposed.

“It was found that at least some of this private, and sensitive, data was in plain text increasing its vulnerability and ease with which the details could be accessed and abused. As the breach occurred before GDPR came into effect, the ICO investigated the breach under the Data Protection Act 1998 handing Equifax the maximum fine of £500,000 under that law in September 2018. The figure would have been significantly higher had the breach taken place post GDPR.

“Hayes Connor is acting against Equifax which will add to its significant costs following its failure to adequately protect confidential data. We anticipate that our clients are entitled to between £1,000 – £2,500 each depending on their individual case.

“The vast majority of data breaches occur due to entirely avoidable human error. It appears that the security team at Equifax acted swiftly to rectify the situation once they were made aware of the issue. Failing to follow up to ensure that the instructed action had been implemented has been a very costly mistake with more financial losses to come.”

For more information about Hayes Connor Solicitors, visit the website at www.hayesconnor.co.uk

 This article was submitted to be published by Hayes Connor Solicitors as part of their advertising agreement with Today’s Legal Cyber Risk. The views expressed in this article are those of the submitter and not those of Today’s Legal Cyber Risk.