» ISP News » 

UPDATE Equifax Hack Confusion – Fears for UK Customers of BT and Other ISPs

Monday, September 11th, 2017 (4:04 pm) - Score 3,099

Fears are growing that potentially up to 44 million consumers in the United Kingdom, including customers of BT and possibly other broadband providers, could be caught up in the huge personal data breach that hit US credit rating firm Equifax from May – July 2017 (details were only revealed last week!).

Last Thursday Equifax revealed that a vulnerability in their website had enabled hackers to steal masses of personal data from their server between mid-May and July 2017. At the time it was reported that the incident, which had first been discovered on 29th July 2017, may have affected up to 143 million customers in the USA.

Apparently the data that was exposed included names, social security numbers, dates of birth, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Richard F. Smith, Chairman and Chief Executive Officer, said:

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

At the time Equifax also claimed to have “identified unauthorized access to limited personal information” for certain UK and Canadian residents, although no further details were revealed. However reports since then have claimed that the firm handled data belonging to around 44 million consumers in the United Kingdom via clients such as British Gas, BT and Capital One etc.

A BT Spokesperson said:

“We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”

Equifax is far from being a household name in the UK, which is hardly surprising as they’re often employed behind the scenes and a lot of ordinary consumers won’t have ever had cause to engage with them directly. However this also means that many people may overlook the news, based on the assumption that it’s nothing to do with them; except it’s now possible that the opposite may be true.

Naturally Equifax has been heavily criticised for taking such an absurdly long time to disclose the breach. Similarly there’s frustration at their seeming inability to confirm precisely how many consumers in the United Kingdom may be impacted, as well as which companies have been hit and what the “limited personal information” actually covers (we assume they must have some idea).

Consumers now face a anxious wait to find out whether or not their own details have been stolen. In the meantime Equifax has established a somewhat vague information website, which is comically called Equifax Security 2017 and doesn’t appear setup to handle citizens from the UK. Meanwhile the wait for answers continues.

UPDATE 15th September 2017

Equifax has confirmed that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them. The investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.

The information was restricted to: Name, date of birth, email address and a telephone number. Equifax has also confirmed that the data does not include any residential address information, password information or financial data. The compromised UK consumer data does not relate to any single Equifax business client or institution.

Patricio Remon, President at Equifax Ltd., said:

“We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”

Due to the nature of the information “Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident“. The company said that it “will be proactively contacting impacted customers in writing to offer them a free comprehensive identity protection service which will allow them to monitor their personal data, including their credit information and be alerted to any potential signs of fraudulent activity.”

The investigation is ongoing and Equifax added that they were “in dialogue” with the Financial Conduct Authority and Information Commissioner’s Office.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
12 Responses
  1. Steve Jones says:

    Equifax is one of three main credit reference agencies sed in the UK. Equifax and Experion are both American, and the third (Callcredit) is a partner of the third American agency TransUnion.

    Pretty well every major utility, mobile phone, ISP, bank or loan company is going to be using at least one of these.

    These companies get all their information from these companies. They’ll get your credit card details (and payment records) from the car operating companies. They’ll get your record of payments on loans, phone bills, utility bills and so on from all the relevant sources (and, not doubt, pay for the information too).

    So if you ever sign up to one of those consumer credit reference agencies (like Clearscore or Experian), you may get slightly disturbed about what they now about you. Residence, if you registered to vote, county court judgements, credit car repayment record, outstanding debts, mortgage payments.

    I foresee some very, very big fines being levied against Equifax…

    1. Steve Jones says:

      As an example, Clearscore know at least this about me…

      You have no Court or Insolvency data
      You have no accounts in Default or Repossession
      You have been on the Electoral Roll at your current address for a long time
      You have made very few applications for credit in the past year
      You have held at least one of your accounts for several years
      You have very few / no accounts in arrears
      Your largest credit card limit is relatively high
      You have stayed within your credit card limit in the past year
      Your total credit card % utilisation is relatively low
      Your current Telecoms balance is relatively low

      You’ll note that of these only the Telecoms balance will have come from my phone service provider. All the others must be from other sources. Heaven knows what else is known.

    2. Steve Jones says:

      nb. reading up on Clearscore, they are partnered with Equifax…

    3. Bob2002 says:

      They now have a $70 billion class action against them in the US.

  2. finaldeest says:

    This is a serious breach and is Identity theft on a massive scale.

    Time to keep a close eye on your bank accounts folks.

    Recommend everyone to change all passwords for all your accounts, e.g email, banking, etc.

  3. Be aware says:

    Please be aware that taking up their ‘generous’ offer of a years free identity theft monitoring requires you to waive your right participate in the almost inevitable class action lawsuit 🙁

  4. Martin says:

    don’t these firms dubug their software? expect they are still using corbal!

  5. Kev says:

    I’m not sure how correct it is, however another article states that they were told about the scripting issue in 2016 and failed to correct it

  6. M says:

    Has the ICO been notified yet? They need to be punished.

  7. John Ferris says:

    For the record, they state no financial information or address details have been stolen from uk clients I for one have had bank card and address details stolen, about time they were honest about what was actually taken from people.

  8. Adam says:

    The statement from Equifax must be incorrect because they have told me the following was accessible to hackers:
    * Name and Address
    * Date of birth
    * Username and password (why was this not hashed)
    * Secret question and answer
    * Credit card details (first & last 4 digits)

    1. Cor says:

      I got the same letter… not sure how to proceed???

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Ultrafast ISPs
  • Gigaclear £17.00
    Speed: 200Mbps, Unlimited
    Gift: None
  • Community Fibre £17.99
    Speed: 150Mbps, Unlimited
    Gift: None
  • Virgin Media £24.00
    Speed: 108Mbps, Unlimited
    Gift: None
  • Vodafone £25.00
    Speed: 100Mbps, Unlimited
    Gift: None
  • Hyperoptic £25.00
    Speed: 158Mbps, Unlimited
    Gift: Promo code: BIGBANG
Large Availability | View All
New Forum Topics
ZTE MC801A Review
Author: dabigm
FTTP upgrade
Author: Wales85
Author: dabigm
Testing: O2 - L09/L23 & N28/N78
Author: JitteryPinger
Cheapest Superfast ISPs
  • Hyperoptic £17.99
    Speed 33Mbps, Unlimited
    Gift: Promo code: BIGBANG
  • Shell Energy £20.99
    Speed 35Mbps, Unlimited
    Gift: None
  • NOW £22.00
    Speed 36Mbps, Unlimited
    Gift: None
  • Vodafone £22.00
    Speed 38Mbps, Unlimited
    Gift: None
  • Plusnet £22.99
    Speed 36Mbps, Unlimited
    Gift: £75 Reward Card
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (4207)
  2. BT (3181)
  3. Politics (2149)
  4. Building Digital UK (2042)
  5. Openreach (1996)
  6. FTTC (1931)
  7. Business (1866)
  8. Mobile Broadband (1630)
  9. Statistics (1525)
  10. 4G (1398)
  11. FTTH (1372)
  12. Virgin Media (1301)
  13. Ofcom Regulation (1251)
  14. Fibre Optic (1246)
  15. Wireless Internet (1244)
  16. Vodafone (940)
  17. 5G (923)
  18. EE (920)
  19. TalkTalk (832)
  20. Sky Broadband (795)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact