UK data agency fines Equifax £500,000 over data breach


As a fall out of the data breach that saw its customer data disappearing into the hands of hackers, Equifax has been issued with the maximum possible penalty by the UK’s data protection agency.

The agency said in its announcement that Equifax must £500,000 as the fine for the data breach.

Equifax is a credit rating giant that collects data about customers’ financial habits and shares it with banks for consideration for financial loans and credit.

It would be recalled that Equifax had announced last year that hackers invaded its network, stealing millions of customer data.

The agency said Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 — including, failure to secure personal data; poor retention practices; and lack of legal basis for international transfers of UK citizens’ data.

“Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law,” said information commissioner Elizabeth Denham in a statement. “We are determined to look after UK citizens’ information wherever it is held.”

“The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce. This is compounded when the company is a global firm whose business relies on personal data,” she added.