Credit reference company Equifax Inc’s UK arm, Equifax Ltd, has been slapped with a £500,000 fine by UK regulators for failing to protect the personal information of up to 15m people in Britain during the 2017 cyber attack.
In its statement, the Information Commissioner’s Office (ICO) stated that it found that although Equifax systems in the United States were compromised, Equifax Ltd was responsible for the personal information of its customers in Britain.
Equifax said its UK office received the Monetary Penalty Notice from the ICO on Wednesday and was evaluating the notice and its response.
“The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce,” said Elizabeth Denham, head of the ICO. “This is compounded when the company is a global firm whose business relies on personal data.”
Equifax added that it cooperated fully throughout the investigation.