In early September 2017, Equifax Inc., our US parent company,
announced it had been the victim of a criminal cyber-attack in May
2017. Although our UK business was not breached, the attack
regrettably compromised the personal information of a range of UK consumers.
Equifax apologises unreservedly for any risks to consumers arising
as a result of this criminal hack. We continue to work closely with
law enforcement and other agencies as well as leading external
advisers to learn lessons for the future.
It has always been Equifax’s intention to write to those consumers
whose information had been illegally compromised, but it would have
been inappropriate and irresponsible of us to do so before we had
absolute clarity on what data had been accessed. Following the
completion of an independent investigation into the attack, and with
agreement from appropriate investigatory authorities, Equifax has
begun corresponding with affected consumers.
We would like to take this opportunity to emphasise that Equifax
correspondence will never ask consumers for money or cite personal
details to seek financial information, and if they receive such
correspondence they should not respond. For security reasons, we
will not be making any outbound telephone calls to consumers.
However, customers can call our Freephone number on 0800 587 1584
for more information.
Today Equifax can confirm that a file containing 15.2m UK records
dating from between 2011 and 2016 was attacked in this incident.
Regrettably this file contained data relating to actual consumers as
well as sizeable test datasets, duplicates and spurious fields.
Equifax has brought every analytical tool, technique and data asset
it has available to bear in order to ‘fill in the blanks’ and
establish actual consumer identities and attribute a current home
address to them. This complete, we have been able to place consumers
into specific risk categories and define the services to offer them
in order to protect against those risks and send letters to offer
them Equifax and third-party safeguards with instructions on how to
get started. This work has enabled us to confirm that we will need
to contact 693,665 consumers by post. Details are set out in the box
below. The balance of the 14.5m records potentially compromised may
contain the name and date of birth of certain UK consumers. Whilst
this does not introduce any significant risk to these people Equifax
is sorry that this data may have been accessed.
Equifax takes this illegal and unprecedented breach of consumers’
data extremely seriously and has begun writing to the groups of
consumers outlined below to notify them of the nature of the breach
and offer them appropriate advice. For each group of consumers,
Equifax is offering several Equifax and third party risk mitigation
products for free to reassure consumers and minimise any risk of
possible criminal activity.
Equifax Inc. announced on October 2, 2017 that its third party
cybersecurity expert had concluded its forensics investigation. Our
analysis of all potentially affected data relating to UK subjects is
now complete and there are four groups of consumers to whom Equifax
will be writing to offer the following safeguards and support:
12,086 consumers who had an email address associated with
their Equifax.co.uk account in 2014 accessed
14,961 consumers who had portions of their Equifax.co.uk
membership details such as username, password, secret
questions and answers and partial credit card details -
from 2014 accessed
29,188 consumers who had their driving licence number
We will offer Equifax Protect for
free. This is an identity protection service which monitors
personal data. Products and services from third party
organisations will also be offered at no cost to consumers.
In addition to the services set-out above, further
information will be outlined in the correspondence.
637,430 consumers who had their phone numbers
Consumers who had a phone number
accessed will be offered a leading identity monitoring
service for free.
Consumers who receive a letter from Equifax and who wish to take-up
one of the ID protection services on offer, who have any further
questions, or who are concerned will be able to contact us via the web
or via a dedicated telephone line seven days a week. These services
are free to use, simple to sign up for and will provide immediate protection.
Patricio Remon, President for Europe at Equifax Ltd (UK), said, “Once
again, I would like to extend my most sincere apologies to anyone who
has been concerned about or impacted by this criminal act. Let me take
this opportunity to emphasise that protecting the data of our
consumers and clients is always our top priority.
It has been regrettable that we have not been able to contact
consumers who may have been impacted until now, but it would not have
been appropriate for us to do so until the full facts of this complex
attack were known, and the full forensics investigation was completed.
I urge anyone who receives a letter from Equifax to take advantage of
the remedial services being offered to help mitigate against any risk,
or to contact us should you have any questions.”
For all media enquiries please contact Portland Communications on
0207 554 1856 or firstname.lastname@example.org