Equifax has admitted that almost 700,000 UK consumers have had their personal details accessed following a cyber-attack, a figure far higher than previously thought.
As well as affecting more Britons, the hack also resulted in significantly more damaging data being leaked on those who were affected. The information lost by the US credit monitoring firm included partial credit card details, phone numbers and driving licence numbers.
The Information Commissioner’s Office said that it was still investigating the company, which had initially claimed just 400,000 British residents had been affected.
“We continue to investigate what happened at Equifax and how UK citizen’s information came to be compromised,” an ICO spokesperson confirmed. “It is a complex and fast-moving case and we are working closely with other UK regulators and our counterparts in Canada and the US.
“We have been pressing Equifax to confirm the scale and any impact on UK citizens and, from the outset, we advised the firm to alert and support victims.”
Equifax – based in Atlanta, Georgia – discovered the hack in July but only informed consumers last month, leading the information commissioner to order the company to inform British residents “at the earliest opportunity” if their personal information had been put at risk.
The move came after Equifax said a hack had exposed the social security numbers and other data of about 143 million Americans.
Equifax hack: two executives to leave company after breach
Lenders rely on the information collected by credit bureaux such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.
Equifax said a file containing 15.2m UK records, dated between 2011 and 2016, was hacked and included data from “actual” consumers, as well as test and duplicate data.
The company said its investigation found that it would need to contact 693,665 British consumers by post to tell them how to protect against any potential risk.
Almost 13,000 consumers had an email address associated with their Equifax.co.uk account accessed in 2014, while just under 15,000 consumers had portions of their Equifax membership details – such as username, password, secret questions and answers and partial credit card details – accessed.
It said nearly 30,000 had their driving licence number accessed, while the phone numbers of a further 637,430 consumers were accessed.
'No law can fix stupid': Congress slams former Equifax CEO for data hack
Patricio Remon, Equifax’s Europe chief, again apologised to anyone affected by the hacking.
“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed,” he said.
Anyone who is sent a letter by Equifax should take advantage of the help offered to guard against potential risks.
Cyber-attacks have become an increasing problem for big firms that hold large amounts of customer data.
HSBC and TalkTalk are among the most high-profile British firms to be hit in recent years.