Equifax (NYSE:EFX) has been fined £11.2 million by the Financial Conduct Authority (FCA) for its failure to secure UK consumer data that was outsourced to its US parent company and stored on the parent's servers. The penalty, announced on Friday, comes in response to one of the largest cybersecurity breaches in history, which occurred in 2017 and exposed the personal data of approximately 13.8 million UK consumers.
The compromised data, which included sensitive details such as names, birth dates, phone numbers, login credentials, partial credit card details, and residential addresses, was outsourced to US servers. This significant breach escalated the threat of financial crime and identity theft among affected consumers.
Senior FCA officials Therese Chambers and Jessica Rusu criticized Equifax for its negligence and failure to protect customer data. They also highlighted the company's mishandling of the breach's aftermath, which included poor handling of customer complaints and misleading public statements about the impact of the breach.
Equifax's security lapse was discovered six weeks after it occurred. Despite being aware of known security vulnerabilities, the company failed to take adequate protective measures, leading to unauthorized access and a significant risk of identity theft by cyber criminals. Equifax was informed about the breach just before its public announcement.
As an FCA-authorised firm, Equifax was required under the Consumer Duty to promptly notify affected individuals and handle complaints fairly. The FCA's hefty fine underscores the regulator's commitment to enforcing these rules and holding firms accountable for any lapses in data protection.
This article was generated with the support of AI and reviewed by an editor.