Data of up to 400,000 British customers of the US credit rating firm Equifax may have been accessed during a large-scale data breach that occurred between mid-May and the end of July this year.
Although the firm’s UK systems weren’t affected by the breach, UK customer data stored on US systems between 2011 and 2016 “may have potentially been accessed”.
It could be one of the biggest data breaches on record in the UK.
Patricio Remon, the president of Equifax, said in a statement: “We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.” (The term ‘going forward means ‘from now on.’)
The hack, which compromised the data of over 143 million Americans, is currently being investigated by the US Federal Trade Commission.
Equifax said in a statement on Friday that names, email addresses, telephone numbers, and dates of birth are among the information that the cyber-criminals may have accessed. No addresses, passwords or financial data was involved.
The company said it will reach out to customers who were affected and offer free ID protection services that monitors personal data and credit information.
“An internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation,” the company said.
US Senator Mark Warner, a member of the Senate Banking Committee, described Equifax’s response to the breach as “alarming”, accusing the firm of “exceptionally poor cyber security practices.”