The stakes for data protection are at their highest high following Equifax’s massive security breach. This leading consumer credit firm was recently penalized by the British Data Protection regulators for an alleged security breach. The company reportedly failed to prevent the personal data breach of more than fifteen million UK citizens after the infamous 2017 cyber hack. As of now, they have been charged a whopping 500,000 as a penalty.
Alternatively, the Information Commissioners Office has confirmed that a GDPR data protection (General Data Protection Regulation) notice has been issued against a Canadian firm for their alleged links with the Cambridge Analytica Scandal. According to industry observers, Equifax’s penalty and the GDPR notice collectively indicates the authorities’ genuine concern about protecting the data of citizens.
The deadly hack of Equifax systems in 2017 allegedly affected the security of more than 146 million people, most of whom, are based in the United States. However, the data breach wasn’t limited to the US alone. According to reports, the data of several British citizens had been equally compromised following the hack. Since Equifax was unsuccessful in taking the necessary steps to protect the information, they are now being sidelined by the UK authorities.
Initially, Equifax indicated that less than 400,000 British citizens were reportedly affected by this hack. However, they soon raised this figure to more than 700,000. Finally, in October 2017, the company acknowledged that more than 14.5 million Britons have been exposed after the hack. In their defence, this data was not sensitive and it couldn’t put people under risk.
It was at this point when the Information Commissioners Office stepped in, and while studying the matter with Financial Conduct Authority they discovered that almost 20,000 UK citizens had their personally identifiable information (name, date of birth, contact number, driving license number) exposed following the hack. The cybercriminals further went to the extent of accessing the details of more than 637,430 Britons. Therefore, almost 15 million UK citizens were allegedly affected by the hack.
The US authorities had already warned Equifax about a massive vulnerability in March 2017. However, the company decided to overlook the matters which eventually lead to this massive catastrophe.
According to Elizabeth Denham, the information commissioner, this massive breach of personally identifiable information that puts the subjects before large-scale financial frauds, isn’t just upsetting for the customers, but it also affects the consumer’s trust in digital business. The situation is worse when the company in question is an international firm whose business is entirely dependent on personal data.
Equifax, on the other hand, expressed their disappointment with the discoveries of the ICO and further reiterated that they had indeed taken the necessary measures to prevent any potential hack. They, however, acknowledged the current procedures that are now being incorporated.
As per current reports, the data had already been collected before 25th May. However, the ICO is currently concerned about the alleged retention and misappropriation of the data. In early 2018, Chris Wylie, a whistleblower revealed a similar instance where AQI was found to have links with Cambridge Analytica. This further compelled Facebook to suspend this Canadian company from their platform. Following Equifax’s penalty, we are expecting a similar predicament.