In early September 2017, Equifax Inc. our US parent company,
announced that it had been the victim of a criminal hack. Although our
UK business was not breached, the attack regrettably compromised the
personal information of a range of UK customers.
As soon as possible after the attack was discovered, Equifax
Inc. appointed an independent cybersecurity firm, Mandiant, to
investigate the extent of the breach and enable us to learn lessons
for the future.
Mandiant has now completed its investigation and has securely
transferred all data from the US relating to the UK over to Equifax
Ltd. (UK) for analysis. With this work well underway, we will now
begin writing to all impacted consumers with immediate effect to
notify them of the nature of the breach and offer them advice and a
range of services to safeguard themselves. Consumers who receive a
letter from Equifax and who wish to take-up one of the ID protection
services on offer or who have any further questions will be given
options to contact us via the web or via a dedicated telephone line.
These services are free to use, simple to sign up for and will
provide immediate protection. Consumers should note that Equifax
correspondence will never ask them for money or cite any personal
details, and if they receive such correspondence, they should not
respond. We will also not be making any outbound telephone calls to
consumers for security reasons.
Patricio Remon, President for Europe at Equifax Ltd. (UK), said: “I
would like to apologise again to the UK consumers whose personal data
we failed to protect.”
“Our priority is to reassure and support those affected by the
cybersecurity incident and we’ll be contacting every individual to
offer them free protection services. I’m extremely sorry for the
concern and frustration this incident has caused”
“At Equifax we take our responsibility to protect personal data very
seriously but there is clearly more to do. We are working closely with
regulators, law enforcement agencies and leading external advisers to
learn the lessons of this incident and we are committed to
implementing all necessary security improvements to our business."
The completed Mandiant review also concluded that there is no
evidence that the attackers accessed databases located outside of the
Portland Communications on 020 7554 1781 or