CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Data Breaches

Equifax Fined $13.5 Million Over 2017 Data Breach

UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach.

The British watchdog Financial Conduct Authority (FCA) on Friday announced that it has fined Equifax Ltd, the UK arm of credit reporting firm Equifax Inc, more than £11 million (approximately $13.5 million) over the massive 2017 data breach.

Roughly 147 million people were impacted by the incident, including 13.8 million UK consumers, after hackers gained access to Equifax servers in the US. In 2020, the US government indicted four members of China’s People’s Liberation Army (PLA) with hacking the credit reporting agency.

The cyberattack began on May 13, 2017, and remained undetected until July 29, 2017. Equifax made an announcement on the incident roughly a month and a half later, on September 7. The FCA launched a formal investigation into the incident in October 2017.

According to the regulator, Equifax Ltd failed “to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US”, leading to the exposure of names, addresses, phone numbers, dates of birth, Equifax membership login details, and partial credit card details.

“The cyberattack and unauthorized access to data was entirely preventable. Equifax did not treat its relationship with its parent company as outsourcing. As a result, it failed to provide sufficient oversight of how data it was sending was properly managed and protected,” the FCA notes.

The financial watchdog also notes that Equifax’s data security systems were plagued with known weaknesses and that the company’s British arm “failed to take appropriate action in response to protect UK customer data”.

Furthermore, the FCA points out that Equifax Ltd learned that UK consumer data had been compromised only 6 weeks after the hack was discovered, minutes before the American parent company made the incident public, and that it was unable to cope with complaints it received.

“Following the cybersecurity breach, Equifax made several public statements on the impact of the incident to UK consumers which gave an inaccurate impression of the number of consumers affected. Equifax also treated consumers unfairly by failing to maintain quality assurance checks for complaints following the cybersecurity incident, meaning complaints were mishandled,” the FCA also notes.

Advertisement. Scroll to continue reading.

In a final notice served to Equifax Ltd on October 3, the watchdog notes that the fine should have been of nearly £16 million (roughly $19.4 million).

In 2019, Equifax agreed to pay up to $700 million to settle charges related to the data breach. In 2020, a US court ordered the credit reporting company to invest a minimum of $1 billion in improving its data security stance.

Related: US States Announce $16M Settlement With Experian, T-Mobile Over Data Breaches

Related: Meta Agrees $90 Million Settlement in Facebook Privacy Suit

Related: Accellion Reaches $8.1 Million Settlement Over FTA Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.