Twice as many UK citizens had personal information stolen during the Equifax mega breach as previously announced.
"A file containing 15.2m UK records dating from between 2011 and 2016 was attacked in this incident. This file contained duplicates and spurious fields as well as sizeable test datasets. It also contained data relating to actual consumers."
Earlier Equifax updates created mystery around UK data impact
You have to go to the Equifax UK website to find this news--and we should have seen it coming.
On the Equifax breach response website in the U.S., Equifax announced that Mandiant completed the forensic analysis in the U.S. with 145.5 customers potentially impacted. This was back on October 2, 2017.
But that same update refused to commit on the UK breach impact, saying this:
"The forensic investigation related to United Kingdom consumers has been completed and the resulting information is now being analyzed in the United Kingdom. Equifax is continuing discussions with regulators in the United Kingdom regarding the scope of the company’s consumer notifications as the analysis of the completed forensic investigation is completed."
So how did those negotiations between Equifax and UK data regulators go? Now we know:
"This time-consuming and technically difficult analysis established that Equifax UK will need to contact 693,665 consumers by mail to offer them appropriate ID protection services. The information we were able to piece together about what was hacked allowed us to place these consumers into specific risk categories and define which services to offer them in order to protect against those risks."
Can you imagine the potential fines if this had happened after GDPR?
Specifics on how to prepare for GDPR
If you are wondering how to prepare for GDPR, which kicks in during spring 2018, watch our SecureWorld web conference live or on demand: "Preparing for GDPR in a Multi-Cloud World."
This complimentary web conference is lead by several GDPR experts from the business, legal and cybersecurity verticals.