Recently Browsing 0 members
No registered users viewing this page.
Equifax fined £500,000 by ICO for 2017 security breach
by Alex Alderson
The Information Commissioner’s Office (ICO) in the United Kingdom has today announced a £500,000 fine for Equifax Ltd in response to its security breach in 2017. The breach affected 146 million customers globally and compromised up to 15 million British citizen’s personal information.
ICO is the United Kingdom’s independent regulator for data protection and has been investigating Equifax’s security breach in cooperation with the Financial Conduct Authority (FCA) in the UK. The investigation revealed that Equifax had failed on multiple ways to take adequate measures to prevent information loss and that the company had been retaining data for longer than necessary.
While hackers compromised Equifax Inc systems in the USA, ICO determined that Equifax Ltd had been responsible for the protection of customer data of its UK customers. Equifax Inc had been processing Equifax Ltd customer data in the USA and according to ICO Equifax Ltd should have been more stringent in their steps to ensure that their parent company followed adequate data processing methods.
ICO conducted its investigation in line with the Data Protection Act 1998, which allowed ICO to issue a maximum fine of up to £500,000. ICO could not conduct their investigation under GDPR rules as the breach occurred before the date by which GDPR came into effect. ICO’s inability to retroactively apply GDPR’s harsher fines is somewhat of a win for Equifax, as GDPR rules would have allowed ICO to levy a fine of up to €20 million or 4% of global turnover.
According to ICO’s report, Equifax must pay the fine by October 19th, 2018. ICO will reduce the fine by 20%, or to £400,000, if Equifax pays by October 18th, 2018. If Equifax fails to pay the fine by this date, ICO can then apply to a County Court or the High Court in England or Wales for an order to recover the outstanding money.
Equifax Ltd also has a right to appeal to a Tribunal but doing so would mean that they would have to pay the full £500,000 if the Tribunal dismisses the appeal.
Equifax Ltd has reported that they have received the notice and are “considering the detailed points made”.
You can read the details of ICO's investigation here and Equifax's full response too at this link.
Equifax Inc.’s former chief executive officer said the credit-reporting company didn’t meet its responsibility to protect sensitive consumer information, confirming that the failure to fix a software vulnerability months ago led to the theft of more than 140 million Americans’ personal data......
PORTLAND, OR (AP) -- A federal jury in Oregon awarded $18.6 million to a woman who spent two years unsuccessfully trying to get Equifax Information Services to fix major mistakes on her credit report.
Julie Miller of Marion County was awarded $18.4 million in punitive damages and $180,000 in compensatory damages, though Friday's award against one of the nation's major credit bureaus is likely to be appealed, The Oregonian reported (http://is.gd/VYkiIs ).
The jury was told she contacted Equifax eight times between 2009 and 2011 in an effort to correct inaccuracies, including erroneous accounts and collection attempts, as well as a wrong Social Security number and birthday. Her lawsuit alleged the Atlanta-based company failed to correct the mistakes.
"There was damage to her reputation, a breach of her privacy and the lost opportunity to seek credit," said Justin Baxter, a Portland attorney who worked on the case with his father and law partner, Michael Baxter. "She has a brother who is disabled and who can't get credit on his own, and she wasn't able to help him."
Tim Klein, an Equifax spokesman, declined to comment on specifics of the case, saying he didn't have any details about the decision from the Oregon Federal District Court.
Miller discovered the problem when she was denied credit by a bank in early December 2009. She alerted Equifax and filled out multiple forms faxed by the credit agency seeking updated information. She had found similar mistakes in her reports with other credit bureaus, Baxter said, but those companies corrected their errors.
A Federal Trade Commission study earlier this year of 1,001 consumers who reviewed 2,968 of their credit reports found 21 percent contained errors. The survey found that 5 percent of the errors represented issues that would lead consumers to be denied credit.