Published: 20/09/17 by Gulraj Rijhwani
12 days ago, Equifax the US credit reference agency admitted to having been victim to a significant data breach exposing all of their US records. At the time the initial claim was that no other countries were affected. Shortly after, unspecified numbers of UK and Canadian were also revealed to be at risk. The UK ICO insisted that Equifax publish details of the risk to UK citizens, but only now has the information been forthcoming.
In a statement issued by their UK arm the company admits that due to process faults between 2011 and 2016, around 400,000 UK citizens had data mistakenly stored in the US, and that it will be contacting them to offer similar services to those already on offer the the US victims of the breach.
Since the original American announcement, a significant degree of further information has come to light as to the vulnerability that was exploited to gain access to the system. A patch to a widely recognised vulnerability in the web platform (Apache Struts) was neglected for several months, raising questions as to why. Answers may be forthcoming, eventually, but the consequences within the company are already being felt with both the Chief Information Officer and the Chief Security Officer “retiring”, effective immediately, and the company’s credibility being significantly dented. And of course the consequence for the innocent subjects caught up in the aftermath is a future of uncertain security, with their risk of exposure to targeted phishing and other identity-theft attacks greatly increased.
If you are concerned about becoming the next hacking headline, get in touch to speak with one of our team about how we can help reduce your security vulnerabilities.
10th Floor, 3 Hardman Street
1st Floor, 138a Main Street