Slashdot Mirror


Equifax Says Almost 400,000 Britons Hit In Data Breach (bbc.co.uk)

MalachiK shares a report from the BBC: Data about British people "may potentially have been accessed" during the data breach at the U.S. credit rating firm Equifax. The UK arm of the organization said files containing information on "fewer than 400,000" UK consumers were accessed in the breach. In a statement, the UK office of Equifax said an internal investigation had shown that data on UK consumers was accessed during the hack. It said data on Britons was being held in the U.S. due to a "process failure" which meant that a limited amount of information was stored in North America between 2011 and 2016. The information held included names, dates of birth, email addresses and telephone numbers. No addresses, passwords or financial data was involved.

28 of 45 comments

  1. let's just forget about numbers by turkeydance · · Score: 4, Funny

    and say Everybody got Equifaxed

  2. Equifax is just a ... by CaptainDork · · Score: 1

    ... cluster fuck.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Equifax is just a ... by Anonymous Coward · · Score: 2, Funny

      Equifux.

  3. Let's not mince words by fustakrakich · · Score: 2, Insightful

    The entire consumer credit reporting industry has been "breached". It's only a matter of time before the other two players make their announcements.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Let's not mince words by mea_culpa · · Score: 1

      We need a way to opt out of this madness.

      These institutions have created so much havoc for so many people.

  4. Less than by Anonymous Coward · · Score: 2, Insightful

    When it's less than it really means 399,999, whereas if it was nearly it would be 351,000.

    1. Re:Less than by Anonymous Coward · · Score: 1

      I don't even see why this is much of a minimisation anyway. It's 1 in 200 people in the UK even at those numbers. That's a huge hack by any measure on earth.

  5. Congratulations, idiots by mrbester · · Score: 3, Insightful

    By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    1. Re:Congratulations, idiots by Trax3001BBS · · Score: 1

      By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

      It's the way I see it. Europe actually have privacy laws they enforce https://en.wikipedia.org/wiki/... "Controllers from outside the EU, processing data in the EU, will have to follow data protection regulation"

      I was actually glad to see Britons involved for the above reason alone.

    2. Re: Congratulations, idiots by Anonymous Coward · · Score: 1

      Hackers didn't make them store the data on the wrong continent, surely?

    3. Re:Congratulations, idiots by JonnyCalcutta · · Score: 2

      As has already been suggested - the issue is that under EU legislation it's illegal to store that data outside the EU. So this isn't something that can use a hacking defence, this is something the hacking has simply brought to light.

  6. not a Brit, but... by Anonymous Coward · · Score: 5, Insightful

    This company needs the corporate death penalty. Shut it down, high level management in charge of security gets prison time.

    Unless there are meaningful penalties, companies are not going to stop aggregating our information and then failing to secure it. It's too easy to say, "cost of security is higher than OUR cost in a breach, so we'll ignore security".

    There have to be asses on the line. No excuses.

  7. New standard operating procedure by Anonymous Coward · · Score: 1

    It's just wonderful, with everyone's personal information completely out there, from now on the standard way of doing things is going to involve everyone having to freeze and unfreeze their credit manually with each freaking credit agency every time they need to do something with it. And giving money to the credit agencies in the process. Brilliant.

    1. Re:New standard operating procedure by ledow · · Score: 1

      Or:

      Stop using fucking names, addresses and "secret" (pfft) numbers to authorise credit.

      Do some fucking ID, 2-factor-authentication, etc. rather than just "You say that you're Fred Bloggs at 1 Privet Drive? Sure, have a loan".

      Literally credit authorisation without explicit notification of such (why is there not a "credit account" where I authorise with a password any credit request?) is just fucking stupid and always has been.

      If someone else who knows some obviously public data (I mean, fuck, Equifax have it for a start so anyone who works there could claim to be me, let alone EVERY COMPANY you've ever used to ask for credit or been required to give the same information to) is able to just authorise credit for you, that's the problem.

      Past that, it's a much simpler privacy issue - nobody should know what loans I have except me and the loan holder.

  8. "We only store EU member data on EU servers..." by xxxJonBoyxxx · · Score: 1

    >> data on (400K) Britons was being held in the U.S. due to a "process failure"

    I suspect it would have been MORE Britons, but that Equifax only had data on 400K Britons.

    >> "We only store EU member data on EU servers..."

    (memebot: "Maury Povich": [anything Equifax says]: "our lie detector says that is a lie")

    1. Re:"We only store EU member data on EU servers..." by ledow · · Score: 2

      Equifax operate in the UK where they hold a similar position to one or two other major credit reference agencies and it's pretty much even chances whether a credit check made by a company uses Equifax or the other major ones. But they all share data and if you ask for a loan from a company that uses one, and then ask for a loan from a company that uses another (e.g. comparing providers), then your data is on both for at least four years.

      Likely they have data, out of a population of 70m, on at least 35m of those. Probably more.

      The reason they say the bottom bit is because that's what EU law requires, so they are trying to say that their normal processes are to only store in EU (I have to get such guarantees from companies before I can store data with them, e.g. Google, Office 365, etc.).

      They obviously fucked up, however, by letting 400k of those records out of the EU, which is instantly illegal. You can't process, or release data for processing, outside of the EU without explicit agreements to do so (not just with consumers). I have to explain this regularly to people who want to use services hosted in the Bahamas and India. Literally, we're not allowed to, and if we did and anything was ever released - it's OUR fault for allowing it to happen.

  9. So not content with by thegarbz · · Score: 1

    a data breach, incompetence in reporting post event, and a healthy dose of insider trading, it now appears they were violating EU law as well.

    I hope Equifax doesn't go under too quickly. It's providing a lot of entertainment right now.

  10. Is this a personal problem? I bet you don't know. by shanen · · Score: 2

    I actually decided to take action on this fiasco. I decided to try to find out if Equifax has a file on me and if so, was my file leaked. If those questions get positive answers, then I might need to do something. Spent a long time searching, mostly on the Equifax website, but also tried email, webform, chat, and was willing to try a voice call, too. Got NOTHING so far. It's almost like the Equifax people want to pretend there's no problem here.

    I think what's bugging me most about this abuse of personal information is that I don't get to join in. Let's take the case of you, whoever you are. Should I pay any attention to your comments? What is your reputation really like? Companies like Equifax have assembled comprehensive dossiers on you, but I can't even get a short summary for preemptive filtering. Hey, if a troll has no credit history at all, then why should I pretend the troll exists? Why should my supposedly valuable time be wasted by a sock puppet when a quick background check of his credit history would prove there's no one there?

    Now about that aggregation and display of public reputation on websites such as Slashdot... Karma hurts, don't it?

    Oh yeah. Forgot one bit. Please don't forget to let me know if I can do anything to help put Equifax into bankruptcy. Phone my congress-critters? Join a lawsuit? Tweet? The sky's the limit, unlike my own credit rating.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  11. So then it's official by istartedi · · Score: 1

    Equifax is now an international criminal organization.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  12. 399,999 fewer? by easyTree · · Score: 1

    Please be specific.

  13. Process Failure by easyTree · · Score: 1

    For an individual, process failures lead to inevitable to balance one's financial affairs. This is monetised by credit reference agencies at both ends, to the detriment of the individual.

    For credit reference agencies, process failures lead to....?

    What do we have which rates companies, so that we can assess the worth of companies and stonewall those which don't meet certain criteria?

    1. Re: Process Failure by easyTree · · Score: 1

      For an individual, process failures lead to INABILITY to balance one's financial affairs. This is monetised by credit reference agencies at both ends, to the detriment of the individual.
      For credit reference agencies, process failures lead to....?
      What do we have which rates companies, so that we can assess the worth of companies and stonewall those which don't meet certain criteria?

  14. Background of Equifax IT execs by Anonymous Coward · · Score: 1

    Educational background of Chief Information Officer and Chief Security Officer caught my attention. According to http://money.cnn.com/2017/09/15/news/equifax-top-executives-retiring/index.html CIO got bachelor's degree in Russian, CSO studied music in college. Both are retiring (not getting fired) according to the same article.

    Can somebody chime in if this is unusual for CIO/CSO positions?

    1. Re:Background of Equifax IT execs by Ol+Olsoc · · Score: 1

      Can somebody chime in if this is unusual for CIO/CSO positions?

      Not at all

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Background of Equifax IT execs by NicknameUnavailable · · Score: 1

      It's not actually correct to burn the IT guys most of the time - especially at large organizations. They typically make sound recommendations which then get "haggled" into something between "secure" and "laughably insecure" - which of course is "laughably insecure." It's the people at the top who are responsible, the IT guy (CIO/CTO as well) just do what they can with the limited resources and ability they are given.

  15. Being great Britain, by Ol+Olsoc · · Score: 1

    The fix will have something to do with monitoring pornography.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  16. GDPR by DatbeDank · · Score: 1

    Even though the UK is leaving the EU, the EU is going to have a field day with this.

    It's good to know that Equifax will probably no longer exist in a few months. Probably makes sense why those executives sold their stock. They knew the company was over. The question is, will the other reporting agencies take their jobs more seriously?

  17. Well.... by MerlTurkin · · Score: 1

    I signed up for their "trustedid" thing 4 days ago. Was supposed to hear back and so far haven't heard ANYTHING. Went to TransUnion and did a fraud alert. So at least all three will have to put me on fraud alert. Better than nothing.