Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security United Kingdom Privacy The Almighty Buck United States

Equifax Says Almost 400,000 Britons Hit In Data Breach (bbc.co.uk) 45

MalachiK shares a report from the BBC: Data about British people "may potentially have been accessed" during the data breach at the U.S. credit rating firm Equifax. The UK arm of the organization said files containing information on "fewer than 400,000" UK consumers was accessed in the breach. In a statement, the UK office of Equifax said an internal investigation had shown that data on UK consumers was accessed during the hack. It said data on Britons was being held in the U.S. due to a "process failure" which meant that a limited amount of information was stored in North America between 2011 and 2016. The information held included names, dates of birth, email addresses and telephone numbers. No addresses, passwords or financial data was involved.
This discussion has been archived. No new comments can be posted.

Equifax Says Almost 400,000 Britons Hit In Data Breach

Comments Filter:
  • by turkeydance ( 1266624 ) on Friday September 15, 2017 @05:42PM (#55206365)
    and say Everybody got Equifaxed
  • ... cluster fuck.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Equifux.

  • The entire consumer credit reporting industry has been "breached". It's only a matter of time before the other two players make their announcements.

    • We need a way to opt out of this madness.

      These institutions have created so much havoc for so many people.

  • Less than (Score:2, Insightful)

    by Anonymous Coward

    When it's less than it really mean 399,999 where as if it was nearly it would be 351,000.

    • by Anonymous Coward

      I don't even see why this is much of a minimisation anyway. It's 1 in 200 people in the UK even at those numbers. That's a huge hack by any measure on earth.

  • by mrbester ( 200927 ) on Friday September 15, 2017 @06:09PM (#55206525) Homepage

    By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

    • By admitting to this, charges can be brought by UK under EU regulations for storing those details. Never mind the class action lawsuit wanting billions in reparation, now those with the power to levy their own fines and decide how large they can be can tear Equifax a new one so wide it can be used as an alternative to the Channel Tunnel.

      It's the way I see it. Europe actually have privacy laws they enforce https://en.wikipedia.org/wiki/... [wikipedia.org] "Controllers from outside the EU, processing data in the EU, will have to follow data protection regulation"

      I was actually glad to see Britons involved for the above reason alone.

  • not a Brit, but... (Score:5, Insightful)

    by Anonymous Coward on Friday September 15, 2017 @06:11PM (#55206537)

    This company needs the corporate death penalty. Shut it down, high level management in charge of security gets prison time.

    Unless there are meaningful penalties, companies are not going to stop aggregating our information and then failing to secure it. It's too easy to say, "cost of security is higher than OUR cost in a breach, so we'll ignore security".

    There have to be asses on the line. No excuses.

  • by Anonymous Coward

    It's just wonderful, with everyone's personal information completely out there, from now on the standard way of doing things is going to involve everyone having to freeze and unfreeze their credit manually with each freaking credit agency every time they need to do something with it. And giving money to the credit agencies in the process. Brilliant.

    • by ledow ( 319597 )

      Or:

      Stop using fucking names, addresses and "secret" (pfft) numbers to authorise credit.

      Do some fucking ID, 2-factor-authentication, etc. rather than just "You say that you're Fred Bloggs at 1 Privet Drive? Sure, have a loan".

      Literally credit authorisation without explicit notification of such (why is there not a "credit account" where I authorise with a password any credit request?) is just fucking stupid and always has been.

      If someone else who knows some obviously public data (I mean, fuck, Equifax have i

  • >> data on (400K) Britons was being held in the U.S. due to a "process failure"

    I suspect it would have been MORE Britons, but that Equifax only had data on 400K Britons.

    >> "We only store EU member data on EU servers..."

    (memebot: "Maury Povich": [anything Equifax says]: "our lie detector says that is a lie")
    • by ledow ( 319597 )

      Equifax operate in the UK where they hold a similar position to one or two other major credit reference agencies and it's pretty much even chances whether a credit check made by a company uses Equifax or the other major ones. But they all share data and if you ask for a loan from a company that uses one, and then ask for a loan from a company that uses another (e.g. comparing providers), then your data is on both for at least four years.

      Likely they have data, out of a population of 70m, on at least 35m of

  • a data breach, incompetence in reporting post event, and a healthy dose of insider trading, it now appears they were violating EU law as well.

    I hope Equifax doesn't go under too quickly. It's providing a lot of entertainment right now.

  • I actually decided to take action on this fiasco. I decided to try to find out if Equifax has a file on me and if so, was my file leaked. If those questions get positive answers, then I might need to do something. Spent a long time searching, mostly on the Equifax website, but also tried email, webform, chat, and was willing to try a voice call, too. Got NOTHING so far. It's almost like the Equifax people want to pretend there's no problem here.

    I think what's bugging me most about this abuse of personal information is that I don't get to join in. Let's take the case of you, whoever you are. Should I pay any attention to your comments? What is your reputation really like? Companies like Equifax have assembled comprehensive dossiers on you, but I can't even get a short summary for preemptive filtering. Hey, if a troll has no credit history at all, then why should I pretend the troll exists? Why should my supposedly valuable time be wasted by a sock puppet when a quick background check of his credit history would prove there's no one there?

    Now about that aggregation and display of public reputation on websites such as Slashdot... Karma hurts, don't it?

    Oh yeah. Forgot one bit. Please don't forget to let me know if I can do anything to help put Equifax into bankruptcy. Phone my congress-critters? Join a lawsuit? Tweet? The sky's the limit, unlike my own credit rating.

  • Equifax is now an international criminal organization.

  • Please be specific.

  • For an individual, process failures lead to inevitable to balance one's financial affairs. This is monetised by credit reference agencies at both ends, to the detriment of the individual.

    For credit reference agencies, process failures lead to....?

    What do we have which rates companies, so that we can assess the worth of companies and stonewall those which don't meet certain criteria?

    • For an individual, process failures lead to INABILITY to balance one's financial affairs. This is monetised by credit reference agencies at both ends, to the detriment of the individual.
      For credit reference agencies, process failures lead to....?
      What do we have which rates companies, so that we can assess the worth of companies and stonewall those which don't meet certain criteria?

  • by Anonymous Coward

    Educational background of Chief Information Office and Chief Security officer caught my attention. According to http://money.cnn.com/2017/09/15/news/equifax-top-executives-retiring/index.html CIO got bachelor's degree in Russian, CSO studied music in college. Both are retiring (not getting fired) according to the same article.

    Can somebody chime in if this is unusual for CIO/CSO positions?

    • Can somebody chime in if this is unusual for CIO/CSO positions?

      Not at all

    • It's not actually correct to burn the IT guys most of the time - especially at large organizations. They typically make sound recommendations which then get "haggled" into something between "secure" and "laughably insecure" - which of course is "laughably insecure." It's the people at the top who are responsible, the IT guy (CIO/CTO as well) just do what they can with the limited resources and ability they are given.
  • The fix will have something to do with monitoring pornography.
  • Even though the UK is leaving the EU, the EU is going to have a field day with this.

    It's good to know that Equifax will probably no longer exist in a few months. Probably makes sense why those executives sold their stock. They knew the company was over. The question is, will the other reporting agencies take their jobs more seriously?

  • I signed up for their "trustedid" thing 4 days ago. Was supposed to hear back and so far haven't heard ANYTHING. Went to Transunion and did a fraud alert. So at least all three will have to put me on fraud alert. Better than nothing.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...