After suffering a major data breach earlier this year, credit rating company Equifax now believes that the number of UK customers had their information stolen has doubled from their initial estimate, and that millions more could have had their details compromised.
The firm is contacting almost 700,000 UK customers to warn them about having had their data stolen in the attack. Equifax’s original estimates were that “fewer than 400,000” were affected by the leak in the UK. However, it has since revised this estimate to say that it now believes over 690,000 people could have had their data, including email addresses, passwords, driving license and phone numbers, leaked. The revised figure comes after investigators looking into the Equifax breached discovered another file had been stolen.
Last Tuesday night it became apparent that criminals had targeted 15.2 million records in the UK. The stolen data included partial credit card details of fewer than 15,000 customers. The hackers responsible for the theft may also have compromised a further 14.5 million records including details such as names and birth dates, which could be used by fraudsters to carry out identity theft.
Equifax’s systems in the US were compromised by cyber criminals between May and July, allowing the hackers to steal the information of millions of customers. Approximately 14.5 million consumers in the US could have been affected in the attack – a figure that Equifax had also underestimated initially. The US-based credit reference agency said the details of some British people had been stored across the Atlantic, resulting in them being implicated in the hack.
Richard Smith, Equifax chief executive and chairman, stepped down in the weeks after the hack was reported. The company, which holds data on around 820 million consumers and 91 million companies, said it faced a “massive” task responding to the hack.
Patricio Remon, Equifax’s president for Europe, said: “Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act. It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed.”
Equifax said customers who receive a letter from the firm can make use of its identity protection service and contact its staff through a seven-day help line. It advised that it will never contact consumers to ask for money or personal information, and that it will never cite their details in correspondence. Remon added: “I urge anyone who receives a letter from Equifax to take advantage of the remedial services being offered to help mitigate against any risk, or to contact us should you have any questions.”