Had earlier said ‘fewer than 400,000’ Brits affected
Just days after Yahoo revised its figures and said all 3bn users were affected in the 2013 cyber-attack, this time Equifax, a US-based credit reporting agency, has now revised its number and said that 15.2m British users had been affected in a 2011-2016 cyber hack — a number which was earlier estimated to be “fewer than 400,000”.
The hacked details include partial credit card details, phone numbers and driving licence serial numbers, the Georgia- based firm has said.
Equifax had discovered the attack in July but only informed the consumers last month. Following the first report, the information commissioner had ordered the agency to inform British nationals “at the earliest opportunity” if their personal information was at risk.
Last night, the company revised its figures and said that around 4.5m US nationals were affected in the attack due to a web server vulnerability between 2011 to 2016. The agency also stated that a file containing records of 15.2m British users was hacked and included data from “actual” consumers, as well as test and duplicate data.
The company has said it would 693,665 Brits by post and offer them several of its own and third-party risk-mitigation products for free to protect against any potential risk.
The breach has reportedly prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice.
Once again, Equifax’s Europe chief Patricio Remon has apologised for the cyber attack: “It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed,” he said.
As a credit reporting agency, Equifax keeps sensitive consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting for financing for homes, cars and credit cards.