Comment on Equifax slapped with UK’s maximum penalty over 2017 data breach

Credit rating giant Equifax has been issued with the maximum possible penalty by the UK’s data protection agency for last year’s massive data breach. Albeit, the fine is only £500,000 because the loss of customer data occurred when the UK’s prior privacy regime was in force — rather than the tough new data protection law, brought in via the EU’s GDPR, which allows for maximum penalties of as much as 4% of a company’s global turnover for the most serious data failures. So, again, Equifax has managed to dodge worse consequences over the 2017 breach, despite the hack resulting from its own internal process failings after it failed to patch a server that was known to be vulnerable for months — thereby giving hackers a soft-spot to attack and swipe data on 147 million consumers. Personal information that was lost or compromised in the 2017 Equifax breach included names and dates of birth, addresses, passwords, driving licence and financial details. The UK data protection regulator is involved because up to 15 million UK citizens’ data was also breached in the attack.