The UK’s Financial Conduct Authority (FCA) has fined credit rater Equifax £11m ($13.4m) for failing to protect the personal data of 13.8 million UK customers in one of the largest ever data breaches.

The FCA found fault in Equifax’s handling of the data breach and its response. Equifax’s UK unit did not consider its relationship with its US parent company as outsourcing, which led to a lack of oversight over the data sent to the US. This delayed the response to the breach and handling of customer complaints.

The cyber attack on Equifax was described as “entirely preventable” by the FCA. The breach compromised the personal and financial information of a significant number of UK consumers, making it one of the largest data breaches in the country.

The FCA’s fine is a significant financial penalty for Equifax. This is in addition to a substantial settlement the company reached with US regulatory authorities in 2019, which amounted to nearly $800m.

Equifax stated that it had invested over $1.5bn in security and technology transformation since the cyber attack. The company asserted that it had taken significant steps to protect consumer information.

Equifax had previously been fined £500,000 by the UK’s Information Commissioner’s Office in 2018 for the same data breach. At the time, this was the maximum penalty allowed.

According to research by IT consultancy CGI and Oxford Economics, cyber attacks since 2013 have cost UK companies around £42bn. This is because once a hack is announced, share prices fall by an average of 1.8 per cent.

In the past few years, large-scale cyber attacks have never seemed far from the news, and their effects can be felt afterwards.

For instance, the Yahoo data breaches, which led to over one billion accounts being compromised, meant Verizon eventually ended up acquiring the company for a $350m discount.