Slashdot Mirror
Equifax Slapped With UK's Maximum Penalty Over 2017 Data Breach (techcrunch.com)
Credit rating giant Equifax has been issued with the maximum possible penalty by the UK's data protection agency for last year's massive data breach. From a report: Albeit, the fine is only 500,000 Pound (roughly $658,000) because the loss of customer data occurred when the UK's prior privacy regime was in force -- rather than the tough new data protection law, brought in via the EU's GDPR, which allows for maximum penalties of as much as 4% of a company's global turnover for the most serious data failures.
So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months -- thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers. Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.
So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months -- thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers. Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.
Have the EU decree that Equifax can't do business in the EU anymore. Then they might actually realize just how insanely inexcusable their actions were.
4% of global annual revenue... what about considering the cost of the damage done?
What about considering the cost of implementing sound security policies? No one will do it if the fine is less than the cost of implementation.