Equifax Slapped With UK's Maximum Penalty Over 2017 Data Breach

Credit rating giant Equifax has been issued with the maximum possible penalty by the UK's data protection agency for last year's massive data breach. From a report: Albeit, the fine is only 500,000 Pound (roughly $658,000) because the loss of customer data occurred when the UK's prior privacy regime was in force -- rather than the tough new data protection law, brought in via the EU's GDPR, which allows for maximum penalties of as much as 4% of a company's global turnover for the most serious data failures.

So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months -- thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers. Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.

Why assume the hacker is always stupid?

[DCFusor]

I'm a white hat, but damn, if I got access to a DB, I'd to a lot more interesting stuff - modify the records. The power inherent in a credit rating agency - or say, the OPM, means you can effectively make someone rich or poor, give them or take away a security clearance, or any of a long list of other "fun". Then and only then do any exfiltration without erasing logs, just to cover your tracks. The exfiltration simply complicates things so much it makes "following the money" impractical - which money?....
.

Ever notice how this possibility is never, ever mentioned? This dog ain't barking so loudly it's deafening. So, are both sides really that stupid, or is someone covering up something? I find the former hard to believe - once, maybe, but every single time this sort of thing happens?