430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

400,000 UK consumers at risk after the Equifax data breach

About 400,000 Britons may have had their information stolen following the Equifax data breach, the news was reported by the UK division of the company. More details are emerging from the recent Equifax data breach that impacted approximately 143 million U.S. consumers. The attackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company […]

Equifax data breach

About 400,000 Britons may have had their information stolen following the Equifax data breach, the news was reported by the UK division of the company.

More details are emerging from the recent Equifax data breach that impacted approximately 143 million U.S. consumers. The attackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company did not update its systems, a thesis that was also reported by an Apache spokeswoman to the Reuters agency.

Now the UK division of the credit reference agency has revealed that 400,000 UK people were affected due to a “process failure,” but the systems of the company in the UK were not affected.

The platforms used by Equifax Ltd and TDX Group are “entirely separated from those impacted by the Equifax Inc cybersecurity incident.”

Equifax data breach

Unfortunately, the investigation revealed that there was unauthorised access to limited personal information for certain UK consumers, but hackers did not access financial data or credentials.

“Regrettably, the investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.The information was restricted to: Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information or financial data.” reads the Equifax UK.

“Having concluded the initial assessment, Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.”

According to the company, the UK consumer data that may have been stolen does not include “any single Equifax business clients or institution.”

The Information Commissioner’s Office (ICO) ordered Equifax to alert British customers following the incident.

“Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern. We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised,” ICO deputy commissioner James Dipple-Johnstone said.

“We will be advising Equifax to alert affected UK customers at the earliest opportunity. In cyber-attack cases that cross borders the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”

Equifax will notify the affected UK customers offering them an identity protection service for free.

The service will monitor any suspicious activity about possible misuses of victim’s data, including monitoring of web and social media information.

“We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.” said Patricio Remon, Europe president at Equifax Ltd.

The company is still investigating the incident.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Equifax data breach, cybercrime)

[adrotate banner=”12″]