Nearly 700,000 British consumers may have had personal data compromised in the massive breach at Equifax, the US credit reporting agency said Tuesday.
“Although our UK business was not breached, the attack regrettably compromised the personal information of a range of UK consumers,” the company said in an emailed statement.
The company, which last month announced one of the most potentially damaging data breaches affecting some 145 million Americans, said the attackers also accessed a file containing 15.2 million records on 693,665 British nationals.
“Equifax takes this illegal and unprecedented breach of consumers’ data extremely seriously and has begun writing to the groups of consumers outlined below to notify them of the nature of the breach and offer them appropriate advice,” the statement said.
The company said it waited for a forensic analysis of the cyber attack before determining its course of action for Britons.
“Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act,” said Patricio Remon, president for Europe at Equifax Ltd.
“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed.”
Last week, former Equifax chief Richard Smith blamed a combination of human and technical error for the breach, which is not the largest on record but which could have leaked sensitive financial information on consumers.
An internal investigation determined the unauthorized access occurred from mid-May through July 2017, according to the company.
Equifax collects information about people and businesses around the world and provides credit ratings used for decisions regarding loans and other financial matters.