Equifax scores £11.1M slap on wrist over 2017 mega breach

The UK’s Financial Conduct Authority has fined Equifax a smidge over £11 million for severe failings that put millions of consumers at risk of financial crime.

The two companies involved here are Equifax Ltd and Equifax Inc. There are key differences between the two that are important in fully understanding the case.

Equifax Inc is the parent company of Equifax Ltd. It too is a global CRA and was the company that stored and processed UK consumer data on behalf of Equifax Ltd under their agreement.

Despite being part of the same group, the Data Processing Agreement constituted an outsourcing of data, meaning Equifax Ltd was still liable for the issues in the eyes of regulators even though it was Equifax Inc’s system blunders that led to the incident.

Equifax Inc only became aware of the breach on July 30, 2017, and by August 11, 2017, it knew customer data may have been accessed.

Equifax Ltd became certain that UK data was compromised on August 29, 2017, and due to the nature of the Data Processing Agreement between Equifax Ltd and Equifax Inc, the former should have notified UK regulators at least by this point, but ideally on the 11th. Equifax Inc was told by lawyers on September 5, 2017, that Equifax Ltd needed to tell the ICO. It took two further days to communicate this to Equifax Ltd. The FCA only learned about the breach in a press report published on September 8, 2017, following Equifax’s public disclosure in the late hours of September 7.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.