FCA Levies £11m Fine on Equifax for Massive Consumer Data Breach

The Financial Conduct Authority (FCA) has imposed an over £11 million fine on Equifax for its failure to protect customer data during a major breach, which was outsourced to its US parent company. This incident, dating back to 2017, exposed the personal information of 13.8 million UK consumers and a total of 147.9 million people worldwide, marking it as one of the most significant cybersecurity violations ever recorded.

A Major Security Failure

This grave infringement of consumer data led to the resignation of the company’s CEO and a lawsuit from the Independent Community Bankers of America (ICBA). The breach exposed the names, dates of birth, login credentials, phone numbers, partial credit card details, and home addresses of Equifax customers.

According to the FCA, Equifax was negligent and unprepared to safeguard its clients’ information. The regulator also criticized the company for its inadequate customer support and misleading communication regarding the security breach.

Equifax’s Responsibility to Protect Customer Data

Therese Chambers, the FCA’s joint executive director of enforcement and market oversight, emphasized the responsibility financial firms bear to secure customer data. She noted, “Equifax failed to do so and compounded this failure by mishandling their response to the data breach. Cyber criminals are sophisticated and innovative; it is imperative that firms maintain the highest standards in data protection.”

Jessica Rusu, FCA chief data, information, and intelligence officer, further highlighted the growing importance of cybersecurity and data protection for the security and stability of financial services.

Equifax Responds to the Fine

In response to the fine, Patricio Remon, President for Europe at Equifax, stated that the company has fully cooperated with the FCA throughout the investigation. He pointed out that the company has invested over $1.5 billion in a security and technology transformation since the cyberattack six years ago, with the aim of better protecting consumers’ information.