Equifax data breach ethical issues
1/7/2024

However, Bloomberg reported on Monday that it was actually the second time the company had been breached this year. And for reasons that remain unclear, it took yet another month for the company to publicly disclose the breach.

When did the company know about it?

Equifax has said that the breach occurred in mid-May, but that it only discovered intruders had compromised its systems on July 29 - nearly two months later. How did it happen? Here's what we know so far, and what we don't. In a statement released Tuesday, the company finally confirmed approximately 100,000 Canadians were affected too, with names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers among the personal information potentially accessed. Equifax was found to have contravened five out of eight data protection principles of the Data Protection Act 1998 in protecting the data of UK citizens. It's been nearly two weeks since the credit monitoring company Equifax admitted it had suffered one of the largest data breaches in recent memory - exposing the personal information of a whopping 143 million U.S. In 2018, the UK Information Commissioner’s Office (ICO) issued a £500,000 fine to Equifax in relation to the same incident. agreed to pay $575m as part of a settlement with the Federal Trade Commission and 50 US states for its security failings during the incident. The Consumer Duty makes it clear that firms must raise their standards,” she said. “Firms not only have a technical responsibility to ensure resiliency, but also an ethical responsibility in the processing of consumer information. Jessica Rusu, FCA Chief Data, Information and Intelligence Officer, added that the severe penalty underlines the fact that cybersecurity and data protection are crucial to the security and stability of financial services.
“Cyber-criminals are sophisticated and innovative; it is imperative that firms maintain the highest standards in data protection,” she warned. Therese Chambers, Joint Executive Director of Enforcement and Market Oversight at the FCA, said that regulated financial firms are responsible for their customers’ data, regardless of whether it is outsourced or not. It added that the firm mishandled complaints from UK consumers by failing to maintain quality assurance checks for the complaints. The FCA said Equifax Ltd’s public statements on the impact of the incident “gave an inaccurate impression of the number of consumers affected.”

Misleading Statements and Mishandling Complaints

This led to delays in informing UK customers that their information had been accessed. The UK business was only informed approximately five minutes before the official announcement in September 2017. The regulator noted that Equifax Ltd did not find out that UK consumer data had been accessed until six weeks after its parent company had discovered the hack. This is despite there being “known weaknesses in Equifax Inc’s data security systems.” The FCA ruled that the theft of UK data was “entirely preventable.” However, as Equifax did not treat its relationship with its parent company as outsourcing, it did not provide sufficient oversight of how the data it was sending was managed and protected. This included names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card details, and residential addresses. Hackers were able to access the details of UK consumers because Equifax Ltd. had outsourced data to Equifax Inc’s servers in the US for processes.

Theft of Data Was Preventable

During the incident, threat actors exploited an unpatched Apache Struts vulnerability to gain access to the sensitive information. The incident was discovered in July 2017, but it was another six weeks before it was disclosed to the public in September.
In 2017, the US-based credit-monitoring service reported a data breach of 143 million records. The FCA stated that Equifax’s UK business failed to take appropriate action to protect the personal data of 13.8 million UK consumers held by its US-based parent company. The Financial Conduct Authority (FCA) announced the financial penalty on October 13, 2023. The UK’s financial regulator has fined Equifax Ltd. over £11m ($13.4m) for failing to protect UK consumer data stolen in the notorious 2017 data breach.