The Information Commissioner's Office (ICO) is to fine the credit rating agency Equifax £500,000 for failing to protect the personal data of 15 million Britons.
A cyber attack in 2017 exposed information belonging to 146 million people worldwide, mainly in the United States.
The compromised systems were also based in the United States.
But the ICO ruled that Equifax's UK arm had "failed to take the appropriate steps" to protect the data of British citizens.
It added that "multiple failures" meant that the personal information had been kept longer than necessary and left vulnerable.
Originally, Equifax reported that fewer than 400,000 Britons had sensitive data exposed in the breach – but later it revealed that the number was close to 700,000.
The exposure of another 14.5 million British records would not have put people at risk, the company added last October.
The ICO, which partnered with the Financial Conduct Authority to investigate the breach, found that it affected three distinct groups:
- 19,993 people in the UK had names, dates of birth, phone numbers and driver's license numbers exposed
- 637,430 British data subjects had names, dates of birth and phone numbers exposed
- Up to 15 million people in the UK had names and dates of birth exposed
Keep down
Equifax had also been warned of a critical vulnerability in its systems by the US Department of Homeland Security in March 2017, the ICO revealed.
According to the ICO, the appropriate measures to address the vulnerability were not taken.
The breach occurred before the launch of the EU General Data Protection Regulation (GDPR) last May; the investigation took place in the UK under the Data Protection Act 1998.
And the £500,000 fine is the highest possible under this law.
"The loss of personal information, especially in the event of potential financial fraud, is not only disrupting customers, it is undermining consumer confidence in digital commerce," said Information Commissioner Elizabeth Denham.
"The situation is aggravated when the company is a global company whose activities are based on personal data."
An Equifax spokesman said the firm was "disappointed with the findings and the sanction".
"As the ICO states in its report, Equifax has successfully implemented a wide range of measures to prevent the repetition of such criminal incidents and recognizes the strengthened procedures currently in place.
"The criminal cyber-attack on our American parent company last year was a crucial moment for our company, and we apologize again to all consumers who have been put in danger."