Slashdot Mirror


Equifax Slapped With UK's Maximum Penalty Over 2017 Data Breach (techcrunch.com)

Credit rating giant Equifax has been issued with the maximum possible penalty by the UK's data protection agency for last year's massive data breach. From a report: Albeit, the fine is only 500,000 Pound (roughly $658,000) because the loss of customer data occurred when the UK's prior privacy regime was in force -- rather than the tough new data protection law, brought in via the EU's GDPR, which allows for maximum penalties of as much as 4% of a company's global turnover for the most serious data failures.

So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months -- thereby giving hackers a soft spot to attack and swipe data on 147 million consumers. Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details.

8 of 66 comments

  1. Better solution by nwaack · Score: 4, Insightful

    Have the EU decree that Equifax can't do business in the EU anymore. Then they might actually realize just how insanely inexcusable their actions were.

  2. Fine by Scutter · Score: 3, Funny

    Oh no! However will Equifax survive having to dip into the petty cash to pay a fine that's less than the lunch tab for yesterday's executive meeting about it?

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"

  3. Meaningless Penalty by h4x0t · Score: 4, Insightful

    4% of global annual revenue... what about considering the cost of the damage done?
    What about considering the cost of implementing sound security policies? No one will do it if the fine is less than the cost of implementation.

  4. There's a lesson in this by AlanBDee · Score: 2

    I'm sure that between this and all the money they made from people locking their credit score and all the money they made from selling identity theft protection plans and their stock price (which has almost completely recovered) I'm sure their security is top notch now.

    Let this be a lesson to the rest of you companies who think you need to foolishly spend money on IT security.

  5. Why assume the hacker is always stupid? by DCFusor · Score: 4, Interesting

    I'm a white hat, but damn, if I got access to a DB, I'd do a lot more interesting stuff - modify the records. The power inherent in a credit rating agency - or say, the OPM, means you can effectively make someone rich or poor, give them or take away a security clearance, or any of a long list of other "fun". Then and only then do any exfiltration without erasing logs, just to cover your tracks. The exfiltration simply complicates things so much it makes "following the money" impractical - which money?...

    Ever notice how this possibility is never, ever mentioned? This dog ain't barking so loudly it's deafening. So, are both sides really that stupid, or is someone covering up something? I find the former hard to believe - once, maybe, but every single time this sort of thing happens?

    --
    Why guess when you can know? Measure!

  6. Maximum Possible Penalty by bobstreo · Score: 2

    If it was per person, it would be better.

    As a total, it's embarrassing.

  7. European Localization by lazarus · Score: 3, Funny

    the fine is only 500,000 Pound (roughly $6,62,000)

    Damn, I will never get used to the way the Europeans use commas and decimal points.

    --
    I am not interested in articles about life extension advancements.

  8. "maximum" penalty by KSeghetti · Score: 2

    The maximum penalty would be dissolution of the company. The maximum penalty the UK could probably make happen is they are no longer allowed to operate in the UK in any capacity.

    IMO, a breach like this means they have demonstrated they cannot be trusted with private data, and should no longer be allowed to store private data.

    The other question everyone should be asking is: How did they get this private data? I sure as hell didn't give them permission to have it. (I know, likely hidden away in the TOS of credit cards I have).

    --
    Kevin Seghetti: kts@tenetti.org, HTTP: www.tenetti.org GPG key: http://tenetti.org/phpwiki/index.php/KevinSeghett