Slashdot Mirror


Equifax Says Almost 400,000 Britons Hit In Data Breach (bbc.co.uk)

MalachiK shares a report from the BBC: Data about British people "may potentially have been accessed" during the data breach at the U.S. credit rating firm Equifax. The UK arm of the organization said files containing information on "fewer than 400,000" UK consumers were accessed in the breach. In a statement, the UK office of Equifax said an internal investigation had shown that data on UK consumers was accessed during the hack. It said data on Britons was being held in the U.S. due to a "process failure" which meant that a limited amount of information was stored in North America between 2011 and 2016. The information held included names, dates of birth, email addresses and telephone numbers. No addresses, passwords or financial data were involved.

45 comments

  1. let's just forget about numbers by turkeydance · · Score: 4, Funny

    and say Everybody got Equifaxed

  2. Equifax is just a ... by CaptainDork · · Score: 1

    ... cluster fuck.

    --
    It little behooves the best of us to comment on the rest of us.

    1. Re:Equifax is just a ... by Anonymous Coward · · Score: 2, Funny

      Equifux.

  3. You angry bruh? by Anonymous Coward · · Score: 0

    Go equifax yourself.

  4. Time for a Dragnet... by Anonymous Coward · · Score: 0

    Just the Equifax ma'am.

  5. Let's not mince words by fustakrakich · · Score: 2, Insightful

    The entire consumer credit reporting industry has been "breached". It's only a matter of time before the other two players make their announcements.

    --
    “He’s not deformed, he’s just drunk!”

    1. Re:Let's not mince words by Anonymous Coward · · Score: 0

      It's time to burn down this institution.

    2. Re:Let's not mince words by mea_culpa · · Score: 1

      We need a way to opt out of this madness.

      These institutions have created so much havoc for so many people.

  6. Less than by Anonymous Coward · · Score: 2, Insightful

    When it's less than it really means 399,999, whereas if it was nearly it would be 351,000.

    1. Re:Less than by Anonymous Coward · · Score: 1

      I don't even see why this is much of a minimisation anyway. It's 1 in 200 people in the UK even at those numbers. That's a huge hack by any measure on earth.

  7. My British response... by Anonymous Coward · · Score: 0

    Cunts

    1. Re: My British response... by Anonymous Coward · · Score: 0

      I thought it was supposed to be 'bollocks' and 'those twats.'

  8. Congratulations, idiots by mrbester · · Score: 3, Insightful

    By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"

    1. Re:Congratulations, idiots by Trax3001BBS · · Score: 1

      By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

      It's the way I see it. Europe actually have privacy laws they enforce https://en.wikipedia.org/wiki/... "Controllers from outside the EU, processing data in the EU, will have to follow data protection regulation"

      I was actually glad to see Britons involved for the above reason alone.

    2. Re:Congratulations, idiots by Anonymous Coward · · Score: 0

      Equifax can easily avoid this. They just use the "the hackers are too good for us" argument, and will come away with at most a slap on the wrist. I worked for a company that got investigated due to a data breach; the argument that the blackhats will always win got them off the hook. In fact, the only thing they had to do was pay for a year of LifeLock, which became a chargeable thing after that.

    3. Re: Congratulations, idiots by Anonymous Coward · · Score: 1

      Hackers didn't make them store the data on the wrong continent, surely?

    4. Re:Congratulations, idiots by JonnyCalcutta · · Score: 2

      As has already been suggested - the issue is that under EU legislation it's illegal to store that data outside the EU. So this isn't something that can use a hacking defence, this is something the hacking has simply brought to light.

  9. not a Brit, but... by Anonymous Coward · · Score: 5, Insightful

    This company needs the corporate death penalty. Shut it down, high level management in charge of security gets prison time.

    Unless there are meaningful penalties, companies are not going to stop aggregating our information and then failing to secure it. It's too easy to say, "cost of security is higher than OUR cost in a breach, so we'll ignore security".

    There have to be asses on the line. No excuses.

  10. 400,000 Bitcoins? Wow! That's a lot! by Anonymous Coward · · Score: 0

    What?.... Really?... oh.. so sorry... never mind....

  11. New standard operating procedure by Anonymous Coward · · Score: 1

    It's just wonderful, with everyone's personal information completely out there, from now on the standard way of doing things is going to involve everyone having to freeze and unfreeze their credit manually with each freaking credit agency every time they need to do something with it. And giving money to the credit agencies in the process. Brilliant.

    1. Re:New standard operating procedure by ledow · · Score: 1

      Or:

      Stop using fucking names, addresses and "secret" (pfft) numbers to authorise credit.

      Do some fucking ID, 2-factor-authentication, etc. rather than just "You say that you're Fred Bloggs at 1 Privet Drive? Sure, have a loan".

      Literally credit authorisation without explicit notification of such (why is there not a "credit account" where I authorise with a password any credit request?) is just fucking stupid and always has been.

      If someone else who knows some obviously public data (I mean, fuck, Equifax have it for a start so anyone who works there could claim to be me, let alone EVERY COMPANY you've ever used to ask for credit or been required to give the same information to) is able to just authorise credit for you, that's the problem.

      Past that, it's a much simpler privacy issue - nobody should know what loans I have except me and the loan holder.

  12. "We only store EU member data on EU servers..." by xxxJonBoyxxx · · Score: 1

    >> data on (400K) Britons was being held in the U.S. due to a "process failure"

    I suspect it would have been MORE Britons, but that Equifax only had data on 400K Britons.

    >> "We only store EU member data on EU servers..."

    (memebot: "Maury Povich": [anything Equifax says]: "our lie detector says that is a lie")

    1. Re:"We only store EU member data on EU servers..." by ledow · · Score: 2

      Equifax operate in the UK where they hold a similar position to one or two other major credit reference agencies and it's pretty much even chances whether a credit check made by a company uses Equifax or the other major ones. But they all share data and if you ask for a loan from a company that uses one, and then ask for a loan from a company that uses another (e.g. comparing providers), then your data is on both for at least four years.

      Likely they have data, out of a population of 70m, on at least 35m of those. Probably more.

      The reason they say the bottom bit is because that's what EU law requires, so they are trying to say that their normal processes are to only store in EU (I have to get such guarantees from companies before I can store data with them, e.g. Google, Office 365, etc.).

      They obviously fucked up, however, by letting 400k of those records out of the EU, which is instantly illegal. You can't process, or release data for processing, outside of the EU without explicit agreements to do so (not just with consumers). I have to explain this regularly to people who want to use services hosted in the Bahamas and India. Literally, we're not allowed to, and if we did and anything was ever released - it's OUR fault for allowing it to happen.

  13. and now the wrath of the e.u. shall strike... by Anonymous Coward · · Score: 0

    companies seem to be more fearful of the european union than the u.s. federal government (ref: google, apple, microsoft, others).

    so, to our friends across the great pond.... BURN THEM.

  14. So not content with by thegarbz · · Score: 1

    a data breach, incompetence in reporting post event, and a healthy dose of insider trading, it now appears they were violating EU law as well.

    I hope Equifax doesn't go under too quickly. It's providing a lot of entertainment right now.

    1. Re:So not content with by Anonymous Coward · · Score: 0

      Go pound sand you limey fagget or we'll park an air craft caryer off you're coast.

      Is that you Donald?

    2. Re:So not content with by Anonymous Coward · · Score: 0

      a data breach, incompetence in reporting post event, and a healthy dose of insider trading, it now appears they were violating EU law as well.

      I hope Equifax doesn't go under too quickly. It's providing a lot of entertainment right now.

      Yeah, I ain't laughing......

    3. Re:So not content with by Anonymous Coward · · Score: 0

      You seem to have a serious problem with the size of your penis.

  15. Is this a personal problem? I bet you don't know. by shanen · · Score: 2

    I actually decided to take action on this fiasco. I decided to try to find out if Equifax has a file on me and if so, was my file leaked. If those questions get positive answers, then I might need to do something. Spent a long time searching, mostly on the Equifax website, but also tried email, webform, chat, and was willing to try a voice call, too. Got NOTHING so far. It's almost like the Equifax people want to pretend there's no problem here.

    I think what's bugging me most about this abuse of personal information is that I don't get to join in. Let's take the case of you, whoever you are. Should I pay any attention to your comments? What is your reputation really like? Companies like Equifax have assembled comprehensive dossiers on you, but I can't even get a short summary for preemptive filtering. Hey, if a troll has no credit history at all, then why should I pretend the troll exists? Why should my supposedly valuable time be wasted by a sock puppet when a quick background check of his credit history would prove there's no one there?

    Now about that aggregation and display of public reputation on websites such as Slashdot... Karma hurts, don't it?

    Oh yeah. Forgot one bit. Please don't forget to let me know if I can do anything to help put Equifax into bankruptcy. Phone my congress-critters? Join a lawsuit? Tweet? The sky's the limit, unlike my own credit rating.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.

  16. So then it's official by istartedi · · Score: 1

    Equifax is now an international criminal organization.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?

  17. 399,999 fewer? by easyTree · · Score: 1

    Please be specific.

  18. Process Failure by easyTree · · Score: 1

    For an individual, process failures lead to inevitable to balance one's financial affairs. This is monetised by credit reference agencies at both ends, to the detriment of the individual.

    For credit reference agencies, process failures lead to....?

    What do we have which rates companies, so that we can assess the worth of companies and stonewall those which don't meet certain criteria?

    1. Re: Process Failure by easyTree · · Score: 1

      For an individual, process failures lead to INABILITY to balance one's financial affairs. This is monetised by credit reference agencies at both ends, to the detriment of the individual.
      For credit reference agencies, process failures lead to....?
      What do we have which rates companies, so that we can assess the worth of companies and stonewall those which don't meet certain criteria?

  19. Re:Is this a personal problem? I bet you don't kno by Anonymous Coward · · Score: 0

    Forget getting information on this breach, just try to get your once a year free credit report. Tried for over a decade, and I still have never seen my own damn Equifax credit report. I see dozens of them a week come across my desk since I work for a property management company, but so far I have never been able to see my own report from Equifax. They have been breaking the law for over a decade for refusing to provide us with our credit reports.

  20. Background of Equifax IT execs by Anonymous Coward · · Score: 1

    Educational background of Chief Information Officer and Chief Security Officer caught my attention. According to http://money.cnn.com/2017/09/15/news/equifax-top-executives-retiring/index.html CIO got bachelor's degree in Russian, CSO studied music in college. Both are retiring (not getting fired) according to the same article.

    Can somebody chime in if this is unusual for CIO/CSO positions?

    1. Re:Background of Equifax IT execs by Ol+Olsoc · · Score: 1

      Can somebody chime in if this is unusual for CIO/CSO positions?

      Not at all

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.

    2. Re:Background of Equifax IT execs by NicknameUnavailable · · Score: 1

      It's not actually correct to burn the IT guys most of the time - especially at large organizations. They typically make sound recommendations which then get "haggled" into something between "secure" and "laughably insecure" - which of course is "laughably insecure." It's the people at the top who are responsible, the IT guy (CIO/CTO as well) just do what they can with the limited resources and ability they are given.

  21. Being Great Britain, by Ol+Olsoc · · Score: 1

    The fix will have something to do with monitoring pornography.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.

  22. Trying to bury the stories by DJHeini · · Score: 0

    They release the news about the US breach on a Friday while everyone is focused on a hurricane. They release the news about a UK breach on a Friday when everyone is focused on a terrorist attack. Coincidence?

  23. GDPR by DatbeDank · · Score: 1

    Even though the UK is leaving the EU, the EU is going to have a field day with this.

    It's good to know that Equifax will probably no longer exist in a few months. Probably makes sense why those executives sold their stock. They knew the company was over. The question is, will the other reporting agencies take their jobs more seriously?

  24. That they know of by Anonymous Coward · · Score: 0

    I'm sure they are completely on top of damage assessment, they were obviously very skilled and knowledgeable otherwise....

    Their choice to blame open source for their admin/admin login doesn't inspire confidence in their communication

  25. Well.... by MerlTurkin · · Score: 1

    I signed up for their "trustedid" thing 4 days ago. Was supposed to hear back and so far haven't heard ANYTHING. Went to Transunion and did a fraud alert. So at least all three will have to put me on fraud alert. Better than nothing.