Information on close to 400,000 Equifax UK customers was compromised in this year’s data breach, Equifax Inc. has confirmed.
The data affected was limited to names, dates of birth, email addresses and telephone numbers. It did not contain more sensitive information such as passwords, financial data or residential addresses.
The Atlanta, Georgia-based credit rating company had announced on September 7 that a security breach between May and July this year had led to data on over 140m US customers being hacked.
Although the servers for Equifax’s UK business are separated from US ones, Equifax explained that “a process failure … led to a limited amount of UK data being stored in the US between 2011 and 2016”, which is how British customers got caught up in the breach.
To prevent fraud, Equifax said it is going to contact affected customers strictly by post. They will be provided with a free tool incorporating credit data as well as social media monitoring, which will alert them to takeover attempts.
For those who might not want to use Equifax’s own service alone, links to other regulated organizations in the UK will be provided.
The Information Commissioner’s Office (ICO) had expressed concerns for UK customer data in the immediate aftermath of Equifax’s data breach announcement, when the cross-border factor had not yet been determined.
The Office would not comment on whether they had been informed about the accidental transfer of data after Equifax discovered it in 2016.
In an updated statement from Saturday, the ICO said: “It can take some time to understand the true impact of incidents like this, and we continue to investigate. Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with. We also advise that people review their financial statements regularly for any unfamiliar activity.”