Slashdot Mirror


Equifax Increases Number of Britons Affected By Data Breach To 700,000 (telegraph.co.uk)

phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."

4 of 58 comments

  1. Financial CEOs by Roger W Moore · · Score: 4, Interesting

    Actually, it would be a lot more effective if the people who had their details exposed were the heads of major financial companies. These are the people who choose to share our details with companies like Equifax and perhaps if they have their own personal details exposed they may be a lot more careful with whom they share our data in the future.

  2. Re: Good News by Xest · · Score: 3, Interesting

    They're lucky it happened now, maximum fine is £500,000.

    Come May next year when GDPR comes into force they could've been charged 4% of global turnover.

    There is legislation in the UK to allow individuals to be held responsible though, so it's possible Equifax's security chief, CTO, or CEO could be held personally responsible if there's sufficient evidence they mishandled it.

    This industry is incredibly tightly regulated in the UK though, Equifax could lose its license to practice as a CRA if there is evidence of severe negligence.

  3. ISO certification by pD-brane · · Score: 4, Interesting

    From Equifax' website:

    Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party.

    It is difficult to imagine now that ISO/IEC 27001 (information security management) means anything.
    Who is this "reputable independent third party"?

    1. Re:ISO certification by ytene · · Score: 3, Interesting

      In order for Equifax to legitimately place that statement on their web site, they would have been required to complete an annual ISO27001 Security Audit, conducted by a Certified ISO Security Auditor.

      Such an audit is valid for a maximum duration of 12 months and thus has to be completed annually. It would be very interesting to compare the results of that audit with details of the system[s] that were breached, to determine what level of diligence was provided by the ISO Auditor.

      I wonder if Equifax can substantiate that claim? Interesting...