Britain’s financial regulator, the Financial Conduct Authority (FCA), has imposed a hefty £11 million ($13.4 million) fine on Equifax Ltd, a consumer credit rating agency, for its involvement in what it deemed “one of the largest” cybersecurity breaches in history.
The breach dates back to 2017, when Equifax’s parent company, Equifax Inc (EFX.N) in the United States, suffered a monumental cybersecurity incident that compromised the personal information of up to 147.9 million U.S. consumers.
The FCA’s investigation revealed that the attackers’ reach was not limited to the U.S.: they also gained unauthorized access to the personal data of 13.8 million UK consumers.
This security breach exposed sensitive information including names, dates of birth, Equifax membership login credentials, partially exposed credit card details, and addresses.
The regulatory body emphasized that this breach was entirely preventable and placed UK consumers at risk of financial crimes.
Equifax responded to the FCA’s actions by stating that it had cooperated fully with the regulatory authority throughout the lengthy investigation.
Patricio Remon, President for Europe at Equifax, highlighted the company’s substantial investment in security and technology transformation, totaling over $1.5 billion since the cyberattack six years ago.
He asserted that Equifax had made significant efforts to protect consumers’ information.
The FCA’s report also revealed that Equifax Ltd was unaware of the breach until six weeks after its parent company discovered it.
Moreover, the FCA found critical weaknesses in Equifax Inc’s data security systems and criticized Equifax Ltd for failing to take appropriate measures to safeguard UK customer data.
Despite the substantial fine, Equifax’s penalty was reduced as it agreed to cooperate extensively with the FCA in resolving the matter.
This development underscores the importance of robust data security practices and swift action in the face of cybersecurity threats.
It’s worth noting that Equifax Ltd had previously faced penalties for the same breach, with the Information Commissioner’s Office in Britain imposing a fine of £500,000 in 2018.
These actions serve as a stark reminder of the critical need for companies to prioritize the security of consumer data in an age where cyber threats continue to evolve and proliferate.