Equifax Fined by Financial Conduct Authority for Cybersecurity Breach
Great Britain finally issued a final verdict in a long case regarding Equifax, which made a monstrous leak of information in 2017. The credit bureau then unintentionally revealed the data of credit history and other confidential information of 143 million customers.
The Financial Conduct Authority (FCA), the financial regulator of Great Britain, announced today the fine of Equifax Ltd. for more than £11 million (13.4 million dollars or 1.3 billion rubles).
According to FCA, Equifax Ltd. did not take the necessary measures to protect personal data of 13.8 million British consumers, which were stored by its American parent company.
In 2017, Equifax announced safety violations, as a result of which 143 million unique records were lost. The incident was discovered in July 2017, but the information became public only six weeks later.
During the incident, hackers used vulnerability in the Apache Struts program to access confidential information. Judging by the rumors that had walked at that time, hackers could have access to Equifax networks almost since November 2016, but the bureau has refuted this information.
The data of British citizens, was reported, were leaked due to the fact that Equifax Ltd. transferred the processing of my parent company in the United States. FCA stated that theft of data was “completely preventive.” However, despite the well-known vulnerabilities in Equifax Inc. security systems, a subsidiary Equifax Ltd. did not exercise sufficient control over the protection of the transmitted data.
The regulator also noted that the British branch learned about access to consumer data also only six weeks after the detection of hacking the parent company.
Public statements by Equifax Ltd. regarding the incident, they created an inaccurate idea of the number of injured consumers, and the company inadequately responded to complaints of British customers, the regulator says.
Teresa Chembers from FCA emphasized that financial companies are required to take care of the data of her customers, regardless of their outsourcing. Jessica Rus from the same organization added that the decision of the regulator emphasizes the importance of cybersecurity for the stability of financial services.