Equifax UK has confirmed that its systems have not been affected by the major breach in the USA.
In a statement sent to Infosecurity, Equifax USA identified unauthorized access to limited personal information for certain UK consumers, but confirmed that “UK systems are not affected”.
“Equifax Ltd. and TDX Group systems and platforms are entirely separated from those impacted by the Equifax Inc. cybersecurity incident,” the statement said.
“Regrettably the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.”
Equifax UK confirmed that the breached information was restricted to: name, date of birth, email address and a telephone number, and no addresses, passwords or financial data was included. Therefore, Equifax UK has determined that fewer than 400,000 UK consumers will need to be contacted in order to offer them appropriate advice and a range of services to help safeguard and reassure them.
It said: “Due to the nature of the information, Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident.” Free identity protection services will be offered to them to allow them to monitor their personal data, including their credit information and be alerted to any potential signs of fraudulent activity, and incorporate web and social media monitoring.
Patricio Remon, president at Equifax Europe, UK and Ireland, said: “We apologize for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”