Security experts have branded a cyber-attack on credit rating agency Equifax as an “unmitigated disaster” after the attack threatened the exposition of up to 44 million people’s data within the UK.
Experts also criticised the response of US based company Equifax, as they lost the personal information of 143 million people to hackers due to a cyber breach. The hack compromised a large amount of personal data including names, addresses and birthdays. For more than 200,000 people, the hack also exposed their credit card numbers.
The company has also admitted that UK consumers have been affected by the breach but have failed to disclose how many.
Equifax is understood to hold data on 44 million British consumers.
Companies including Capital One, British Gas and BT all had British customers affected by the breach believed to have run between mid-May and the end of July.
The founder of The Cyber Security Expert, Robert Pritchard described the breach as an ‘unmitigated disaster’ but also stated that there has been a lack of clarity surrounding how much UK data has been kept in the US and therefore may have been affected.
Equifax did not notify the public of the hacking until 40 days after the attack. It also later emerged that three senior executives at the New York Stock Exchange listed firm had sold off shares worth approximately £1.4m before the breach was publically exposed.
The Information Commissioner’s Office (ICO), the UK data watchdog has stated that it is investigating the incident and has urged Equifax to contact UK consumers believed to have been affected.
The National Cyber Security Centre (NCSC) also released a statement noting that they had been made aware of a cyber incident that affected Equifax and encouraged those who believe they have been a victim of cybercrime to contact Action Fraud.
“It is difficult to underestimate the seriousness of this breach and the potential damage to users resulting from a successful attack on such a large company holding vast quantities of their client's sensitive financial data.
"In an age when the public is, it seems, exposed to news of a new data breach every week the Equifax breach manages to be genuinely shocking. That is not least as a result of allegations that senior managers at Equifax sold parts of their shareholding after learning of the breach but before it was made public.
"If true, such an allegation could form the basis of criminal charges of fraud and insider dealing, a new development in relation to such breaches.”