Cybersecurity incident - UK update FAQ's

What Happened

On 7 September 2017, Equifax Inc. our US parent company announced a cybersecurity incident. As part of its investigation, Equifax has now identified unauthorised access to limited personal information for certain UK consumers.

Am I impacted?

Equifax Ltd. (UK) can now confirm that UK systems are not affected. Equifax Ltd. and TDX Group systems and platforms are entirely separated from those impacted by the Equifax Inc. cybersecurity incident.

Regrettably our initial investigation shows that a file containing UK consumer information may potentially have been accessed. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.

Having concluded our initial assessment we have established that we are likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate support  and a range of services to provide safeguards and reassurance.

Has my credit data been impacted?

The information was restricted to: Name, date of birth, email address and a telephone number and we can confirm that the data does not include any residential address information, password information or financial data.

Due to the nature of the information Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident.

What happens next?

We will be writing by post to offer  a free comprehensive ID protection service, which will allow affected consumers’ to monitor their personal data. This includes access to credit information, and alerts to any potential signs of fraudulent activity. The service incorporates web and social media monitoring, alerting the consumers to any publically available information about them.  Equifax will also provide links to services provided by other UK regulated organisations which these consumers may prefer to take-up in addition to or instead of the free services provided by Equifax.

Steps you can take to protect yourself now

We have assessed the risk for most consumers as low. However, we completely understand that you will want to ensure your data is safe. If you are one of the people we deem to be at a slightly higher risk then we will write to you by post, not by email and explain the range of options available to you. We will issue these letters as soon as we can. In the meantime, please take into account the following factors, which will help to increase your level of protection:

  • Equifax will NOT make any unsolicited outbound telephone calls to consumers to discuss this matter.
  • Equifax will NOT send any unsolicited emails asking for your personal information.

Outside of this specific event always take care when you receive emails or phone calls from people or organisations you don’t know.