ICO issues maximum fine for Equifax breach

Equifax has been fined the maximum £500,000 penalty for its breach last year which exposed data belonging to 146 million people around the world, including 15 million in the UK.

The ICO investigation found that, although the information systems in the US were compromised, Equifax Ltd was responsible for the personal information of its UK customers. The UK arm of the company failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information.

Multiple failures at the credit reference agency led to personal information being retained for longer than necessary and vulnerable to unauthorised access, the ICO found.

The company contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data.

The penalty imposed represents the maximum allowed under the previous legislation. The investigation was carried out under the Data Protection Act 1998, as the failings occurred before the rather more strict GDPR came into force in May of this year.

    Share Story:

YOU MIGHT ALSO LIKE


Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023

Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.