A credit reference agency that failed to protect the details of 15 million people in the UK during a cyber attack has been fined £500,000.
The personal information lost or compromised during the incident between 13 May and 30 July 2017 ranged from names and dates of birth to addresses, passwords, driving licence and financial details.
The Information Commissioner’s Office (ICO) found that Equifax’s systems to manage the personal information were inadequate and ineffective, while investigators found significant problems with data retention, IT system patching and audit procedures.
The investigation, carried out in conjunction with the Financial Conduct Authority, found that parent company Equifax Inc had been warned by the US Department of Homeland Security about a “critical vulnerability” two months before the cyber attack.
Source: Sky News