» ISP News » 

UPDATE Equifax Hack Confusion – Fears for UK Customers of BT and Other ISPs

Monday, September 11th, 2017 (4:04 pm) by Mark Jackson (Score 1,678)
danger uk internet security problem

Fears are growing that potentially up to 44 million consumers in the United Kingdom, including customers of BT and possibly other broadband providers, could be caught up in the huge personal data breach that hit US credit rating firm Equifax from May – July 2017 (details were only revealed last week!).

Last Thursday Equifax revealed that a vulnerability in their website had enabled hackers to steal masses of personal data from their server between mid-May and July 2017. At the time it was reported that the incident, which had first been discovered on 29th July 2017, may have affected up to 143 million customers in the USA.

Apparently the data that was exposed included names, social security numbers, dates of birth, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Richard F. Smith, Chairman and Chief Executive Officer, said:

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

At the time Equifax also claimed to have “identified unauthorized access to limited personal information” for certain UK and Canadian residents, although no further details were revealed. However reports since then have claimed that the firm handled data belonging to around 44 million consumers in the United Kingdom via clients such as British Gas, BT and Capital One etc.

A BT Spokesperson said:

“We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”

Equifax is far from being a household name in the UK, which is hardly surprising as they’re often employed behind the scenes and a lot of ordinary consumers won’t have ever had cause to engage with them directly. However this also means that many people may overlook the news, based on the assumption that it’s nothing to do with them; except it’s now possible that the opposite may be true.

Naturally Equifax has been heavily criticised for taking such an absurdly long time to disclose the breach. Similarly there’s frustration at their seeming inability to confirm precisely how many consumers in the United Kingdom may be impacted, as well as which companies have been hit and what the “limited personal information” actually covers (we assume they must have some idea).

Consumers now face a anxious wait to find out whether or not their own details have been stolen. In the meantime Equifax has established a somewhat vague information website, which is comically called Equifax Security 2017 and doesn’t appear setup to handle citizens from the UK. Meanwhile the wait for answers continues.

UPDATE 15th September 2017

Equifax has confirmed that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them. The investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.

The information was restricted to: Name, date of birth, email address and a telephone number. Equifax has also confirmed that the data does not include any residential address information, password information or financial data. The compromised UK consumer data does not relate to any single Equifax business client or institution.

Patricio Remon, President at Equifax Ltd., said:

“We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”

Due to the nature of the information “Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident“. The company said that it “will be proactively contacting impacted customers in writing to offer them a free comprehensive identity protection service which will allow them to monitor their personal data, including their credit information and be alerted to any potential signs of fraudulent activity.”

The investigation is ongoing and Equifax added that they were “in dialogue” with the Financial Conduct Authority and Information Commissioner’s Office.

Delicious
Add to Diigo
Leave a Comment
9 Responses
  1. Steve Jones

    Equifax is one of three main credit reference agencies sed in the UK. Equifax and Experion are both American, and the third (Callcredit) is a partner of the third American agency TransUnion.

    Pretty well every major utility, mobile phone, ISP, bank or loan company is going to be using at least one of these.

    These companies get all their information from these companies. They’ll get your credit card details (and payment records) from the car operating companies. They’ll get your record of payments on loans, phone bills, utility bills and so on from all the relevant sources (and, not doubt, pay for the information too).

    So if you ever sign up to one of those consumer credit reference agencies (like Clearscore or Experian), you may get slightly disturbed about what they now about you. Residence, if you registered to vote, county court judgements, credit car repayment record, outstanding debts, mortgage payments.

    I foresee some very, very big fines being levied against Equifax…

    • Steve Jones

      As an example, Clearscore know at least this about me…

      You have no Court or Insolvency data
      You have no accounts in Default or Repossession
      You have been on the Electoral Roll at your current address for a long time
      You have made very few applications for credit in the past year
      You have held at least one of your accounts for several years
      You have very few / no accounts in arrears
      Your largest credit card limit is relatively high
      You have stayed within your credit card limit in the past year
      Your total credit card % utilisation is relatively low
      Your current Telecoms balance is relatively low

      You’ll note that of these only the Telecoms balance will have come from my phone service provider. All the others must be from other sources. Heaven knows what else is known.

    • Steve Jones

      nb. reading up on Clearscore, they are partnered with Equifax…

    • Bob2002

      They now have a $70 billion class action against them in the US.

  2. finaldeest

    This is a serious breach and is Identity theft on a massive scale.

    Time to keep a close eye on your bank accounts folks.

    Recommend everyone to change all passwords for all your accounts, e.g email, banking, etc.

  3. Be aware

    Please be aware that taking up their ‘generous’ offer of a years free identity theft monitoring requires you to waive your right participate in the almost inevitable class action lawsuit 🙁

  4. Martin

    don’t these firms dubug their software? expect they are still using corbal!

  5. Kev

    I’m not sure how correct it is, however another article states that they were told about the scripting issue in 2016 and failed to correct it

  6. M

    Has the ICO been notified yet? They need to be punished.

Leave a Reply

Your email address will not be published. Required fields are marked *

IMPORTANT: Javascript must be enabled to post (most browsers do this automatically). On mobile devices you may need to load the page in 'Desktop' mode to comment.


Comments RSS Feed

* Your comment might NOT appear immediately (the site cache re-syncs periodically) *
* Comments that break our rules, spam, troll or post via fake IP/proxy servers may be blocked *
Promotion
Cheapest Superfast ISPs
  • Vodafone £20.00 (*25.00)
    Up to 38Mbps, Unlimited
    Gift: None
  • Origin Broadband £23.89 (*31.58)
    Up to 38Mbps, Unlimited
    Gift: None
  • Plusnet £24.99 (*33.98)
    Up to 38Mbps, Unlimited
    Gift: None
  • Sky Broadband £25.00 (*38.99)
    Up to 38Mbps, Unlimited
    Gift: None
  • Hyperoptic £26.00 (*35.00)
    Up to 100Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
Poll
*Javascript must be ON to vote*
The Top 20 Category Tags
  1. BT (1970)
  2. Broadband Delivery UK (1340)
  3. FTTP (1291)
  4. FTTC (1255)
  5. Openreach (986)
  6. Politics (976)
  7. Business (876)
  8. Statistics (787)
  9. Fibre Optic (759)
  10. Mobile Broadband (713)
  11. Wireless Internet (646)
  12. Ofcom Regulation (642)
  13. 4G (598)
  14. Virgin Media (595)
  15. FTTH (539)
  16. Sky Broadband (466)
  17. TalkTalk (441)
  18. EE (385)
  19. Security (316)
  20. 3G (276)
New Forum Topics
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Promotion

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules