The Financial Conduct Authority (FCA) has fined Equifax over £11 million for failing to protect their customers from a data breach outsourced to its US parent company.
In 2017 Equifax failed to protect 13.8 million UK consumers, and 147.9 million people in total from cyberhackers as their data was outsourced to the US for processing, making it one of the largest cybersecurity violations in history. The infringement led to the resignation of their CEO and a lawsuit from the Independent Community Bankers of America (ICBA).
The UK financial watchdog stated that millions of UK consumers have been exposed by the recent failure in security, allowing hackers names, dates of birth, login details, phone numbers, partial credit card details, and home addresses of Equifax customers.
Therese Chambers, joint executive director of enforcement and market oversight at the FCA, stated: “Financial firms hold data on customers that is highly attractive to criminals. They have a duty to keep it safe and Equifax failed to do so. They compounded this failure by the ways they mishandled their response to the data breach. Regulated firms are on the hook, regardless of whether they outsource or not. The risk of identity theft never stops. Cyber criminals are sophisticated and innovative; it is imperative that firms maintain the highest standards in data protection.”
The FCA declared that Equifax was negligent, unprepared to protect their customers’ information, insufficient in how they supported their users, and misleading in the way they addressed the security breach.
Jessica Rusu, FCA chief data, information, and intelligence officer, commented: “Cyber security and data protection are of growing importance to the security and stability of financial services. Firms not only have a technical responsibility to ensure resiliency, but also an ethical responsibility in the processing of consumer information. The Consumer Duty makes it clear that firms must raise their standards.
In response to the news, Patricio Remon, President for Europe at Equifax, said: “Equifax has cooperated with the FCA fully throughout this long running investigation and has been recognised by the FCA for that cooperation, our transformation programme and the voluntary consumer redress exercise we implemented after the incident. Since the cyberattack against our company six years ago, we have invested over $1.5 billion in a security and technology transformation. Few companies have invested more time and resources than Equifax to ensure that consumers’ information is protected."