Equifax Ltd (UK) Information Update Regarding the Ongoing Investigation Into US Cybersecurity Incident - Mandiant Completes Initial Review
In early September 2017, Equifax Inc. our US parent company, announced that it had been the victim of a criminal hack. Although our UK business was not breached, the attack regrettably compromised the personal information of a range of UK customers.
As soon as possible after the attack was discovered, Equifax Inc. appointed an independent cybersecurity firm, Mandiant, to investigate the extent of the breach and enable us to learn lessons for the future.
Mandiant has now completed its investigation and has securely transferred all data from the US relating to the UK over to Equifax Ltd. (UK) for analysis. With this work well underway, we will now begin writing to all impacted consumers with immediate effect to notify them of the nature of the breach and offer them advice and a range of services to safeguard themselves. Consumers who receive a letter from Equifax and who wish to take-up one of the ID protection services on offer or who have any further questions will be given options to contact us via the web or via a dedicated telephone line.
These services are free to use, simple to sign up for and will provide immediate protection. Consumers should note that Equifax correspondence will never ask them for money or cite any personal details, and if they receive such correspondence, they should not respond. We will also not be making any outbound telephone calls to consumers for security reasons.
Patricio Remon, President for Europe at Equifax Ltd. (UK), said: “I would like to apologise again to the UK consumers whose personal data we failed to protect.”
“Our priority is to reassure and support those affected by the cybersecurity incident and we’ll be contacting every individual to offer them free protection services. I’m extremely sorry for the concern and frustration this incident has caused”
“At Equifax we take our responsibility to protect personal data very seriously but there is clearly more to do. We are working closely with regulators, law enforcement agencies and leading external advisers to learn the lessons of this incident and we are committed to implementing all necessary security improvements to our business."
The completed Mandiant review also concluded that there is no evidence that the attackers accessed databases located outside of the United States.
Portland Communications on 020 7554 1781 or email@example.com