Slashdot Mirror

← Back to Stories (view on slashdot.org)

Equifax Says Almost 400,000 Britons Hit In Data Breach (bbc.co.uk)

Posted by BeauHD on from the nobody-is-safe dept.

MalachiK shares a report from the BBC: Data about British people "may potentially have been accessed" during the data breach at the U.S. credit rating firm Equifax. The UK arm of the organization said files containing information on "fewer than 400,000" UK consumers was accessed in the breach. In a statement, the UK office of Equifax said an internal investigation had shown that data on UK consumers was accessed during the hack. It said data on Britons was being held in the U.S. due to a "process failure" which meant that a limited amount of information was stored in North America between 2011 and 2016. The information held included names, dates of birth, email addresses and telephone numbers. No addresses, passwords or financial data was involved.

9 of 45 comments (clear)

  1. let's just forget about numbers by turkeydance · · Score: 4, Funny

    and say Everybody got Equifaxed

  2. Re:Equifax is just a ... by Anonymous Coward · · Score: 2, Funny

    Equifux.

  3. Let's not mince words by fustakrakich · · Score: 2, Insightful

    The entire consumer credit reporting industry has been "breached". It's only a matter of time before the other two players make their announcements.

    --
    “He’s not deformed, he’s just drunk!”
  4. Less than by Anonymous Coward · · Score: 2, Insightful

    When it's less than it really mean 399,999 where as if it was nearly it would be 351,000.

  5. Congratulations, idiots by mrbester · · Score: 3, Insightful

    By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    1. Re:Congratulations, idiots by JonnyCalcutta · · Score: 2

      As has already been suggested - the issue is that under EU legislation its illegal to store that data outside the EU. So this isn't something that can use a hacking defence, this is something the hacking has simply brought to light.

  6. not a Brit, but... by Anonymous Coward · · Score: 5, Insightful

    This company needs the corporate death penalty. Shut it down, high level management in charge of security gets prison time.

    Unless there are meaningful penalties, companies are not going to stop aggregating our information and then failing to secure it. It's too easy to say, "cost of security is higher than OUR cost in a breach, so we'll ignore security".

    There have to be asses on the line. No excuses.

  7. Is this a personal problem? I bet you don't know. by shanen · · Score: 2

    I actually decided to take action on this fiasco. I decided to try to find out if Equifax has a file on me and if so, was my file leaked. If those questions get positive answers, then I might need to do something. Spent a long time searching, mostly on the Equifax website, but also tried email, webform, chat, and was willing to try a voice call, too. Got NOTHING so far. It's almost like the Equifax people want to pretend there's no problem here.

    I think what's bugging me most about this abuse of personal information is that I don't get to join in. Let's take the case of you, whoever you are. Should I pay any attention to your comments? What is your reputation really like? Companies like Equifax have assembled comprehensive dossiers on you, but I can't even get a short summary for preemptive filtering. Hey, if a troll has no credit history at all, then why should I pretend the troll exists? Why should my supposedly valuable time be wasted by a sock puppet when a quick background check of his credit history would prove there's no one there?

    Now about that aggregation and display of public reputation on websites such as Slashdot... Karma hurts, don't it?

    Oh yeah. Forgot one bit. Please don't forget to let me know if I can do anything to help put Equifax into bankruptcy. Phone my congress-critters? Join a lawsuit? Tweet? The sky's the limit, unlike my own credit rating.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  8. Re:"We only store EU member data on EU servers..." by ledow · · Score: 2

    Equifax operate in the UK where they hold a similar position to one or two other major credit reference agencies and it's pretty much even chances whether a credit check made by a company uses Equifax or the other major ones. But they all share data and if you ask for a loan from a company that uses one, and then ask for a loan from a company that uses another (e.g. comparing providers), then your data is on both for at least four years.

    Likely they have data, out of a population of 70m, on at least 35m of those. Probably more.

    The reason they say the bottom bit is because that's what EU law requires, so they are trying to say that their normal processes are to only store in EU (I have to get such guarantees from companies before I can store data with them, e.g. Google, Office 365, etc.).

    They obviously fucked up, however, by letting 400k of those records out of the EU, which is instantly illegal. You can't process, or release data for processing, outside of the EU without explicit agreements to do so (not just with consumers). I have to explain this regularly to people who want to use services hosted in the Bahamas and India. Literally, we're not allowed to, and if we did and anything was ever released - it's OUR fault for allowing it to happen.