EQUIFAX HAS CONFIRMED that around 400,000 people in the UK may have had their information stolen following the recent breach on its systems.
The US firm said on Friday that, while its UK systems weren't accessed during the breach, a file containing UK consumer information "may potentially have been accessed", which was due to a "process failure" that led to some data being stored in the US between 2011 and 2016.
The data accessed includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information.
Patricio Remon, president at Equifax. said: "We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward."
The company claims that the information contained in the files is likely to be insufficient for the purpose of identity theft, but said it will offer "free comprehensive identity protection service" to those affected, which will also include "web and social media monitoring alerting the consumer to any publically available information about them".
It's not clear whether these offers will come with strings attached, as in the US, which effectively barred recipients from suing the company for damages.
Equifax also noted that the investigation is ongoing, during which it will be working closely with the Financial Conduct Authority and Information Commissioner's Office (ICO).
The ICO confirmed its plans to cast its eye over the data breach last week. Deputy Commissioner James Dipple-Johnstone said: "Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern.
"We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised.
"We will be advising Equifax to alert affected UK customers at the earliest opportunity.
"In cyber attack cases that cross borders, the ICO is committed to working with relevant overseas authorities on behalf of UK citizens."
The scale of the breach is so great that the company's CEO, Richard Smith, has been called to testify before a congressional committee next month, while one US lawmaker has likened it to the Enron scandal. µ
But don't expect laptop prices
Vulnerability targets hardware created by Infineon Technologies
Expect something commercial in 2019
Ex-employees say bugs were stolen and used in future attacks