I suspect that the ICO decided a large fine was appropriate given a number of factors, including a continued failure to patch known vulnerabilities, not having a legal basis for international transfers of personal data and an extremely late notification of the breach. In response to the hack, Equifax offered a measly free credit monitoring service for one year to those affected and waived fees (temporarily) for individuals who decided to freeze their credit records in an attempt to avoid identity theft. This marks the biggest fine ever issued by the ICO (the ICO also recently stated its ‘intent’ to fine Facebook £500,000) and whilst it may not be a fine big enough to really rock a company with a revenue of $3.1bn, it will severely undermine consumers' trust and no doubt have a huge impact on the business that Equifax conducts.
You can read the full report from the ICO HERE and the rather uninteresting response from Equifax HERE.
The ICO, working with the FCA, also found that “personal information being retained for longer than necessary”. The ICO stated “ has no excuse for failing to adhere to its own policies and controls as well as the law”. It took Equifax 5 months to disclose the breach and the company also refused help from the US Department of Homeland Security.

Equifax suffered hugely as a company, with its stock price plummeting from $142 to $93 in September last year. This morning the value of their stock has been hit further (although far less pronounced), dropping from $138 to $134. As well as their board forfeiting bonuses, a number of key individuals have also been replaced, including their CISO and CEO. Their CEO, Richard Smith, retired rather quickly in circumstances many have compared to the Enron scandal, leaving him with an eye-watering $90 million payday.

Reuters reported back in June that the company had avoided “fines in deal with U.S. However, the ICO continued to conduct its own investigation although, due to the date of the breach, the investigation was conducted under the Data Protection Act 1998, which limits the possible fine to £500,000, rather than the current GDPR. This is exactly the amount issued today by the ICO.
After digging further it’s clear that the intrusion was via their identity verification tool provided by Apache Struts and happened after Equifax was made aware of a vulnerability and failed to apply a patch.
The FT states that the fine is for “failing to address known IT problems and unlawfully storing British data in the US”.
It’s listed on the NYSE, has an annual revenue of $3.1 billion and employees in 14 countries, including the UK. In September 2017 Bloomberg reported a data hack had compromised personal data held by the company. The ICO has clarified that the breach took place “between 13 May and 30 July 2017 in the US 146 million customers globally … up to 15 million UK citizens”. The personal data compromised in this hack included names, dates of birth, addresses and even passwords, driving license and financial details.
Credit reference agency Equifax fined £500,000 by the ICO for security breach. The maximum allowed under the previous legislation (DPA1998/pre-GDPR).

Equifax Inc. is a global company with information on over 800 million data subjects around the world across more than 88 million businesses. Most people assume that Equifax is a recent company that found its feet in the digital age; however, this company is far more mature than most people are aware, being founded in 1899 in the US.