Hackers who stole Social Security numbers and other poorly secured personal data for 143 million Americans from Equifax also got away with the personal information of nearly 700,000 British citizens as well, the credit reporting company said Tuesday.
A computer file containing 15.2 million records of British citizens was “attacked” during the hack, which began in May, Equifax UK Ltd. said in a statement.
“Regrettably this file contained data relating to actual consumers as well as sizeable test datasets, duplicates and spurious fields, ” the statement went on.
The company said it would be writing to a total of 693,665 consumers whose email address, phone number, driver’s license number or username and password combination had been stolen. They will be offered free credit monitoring and other identity protection tools. The exact breakdown is:
- 12,086 consumers had an email address associated with their Equifax.co.uk accessed.
- 14,961 consumers had portions of their Equifax.co.uk membership details such as username, password, secret questions and answers and partial credit card details accessed.
- 29,188 consumers had their driver’s license number accessed.
- 637,430 consumers had their phone numbers accessed.
The remaining 14.5 million British records compromised “may contain the name and date of birth of certain UK consumers,” the company said. “Whilst this does not introduce any significant risk to these people Equifax is sorry that this data may have been accessed.”
“Equifax has brought every analytical tool, technique and data asset it has available to bear in order to ‘fill in the blanks’ and establish actual consumer identities and attribute a current home address to them,” the company said, adding that its analysis was now complete.
“I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act,” said Patricio Remon, president for Europe at Equifax UK Ltd. “Let me take this opportunity to emphasize that protecting the data of our consumers and clients is always our top priority.
“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed,” he concluded.