Equifax just took another hit from that 2017 hack

The credit-monitoring company had "no excuse" for its failures, a UK watchdog says.

Sean Keane Former Senior Writer

The UK fined Equifax £500,000 ($660,000) on Thursday for failing to protect the personal data of up to 15 million citizens in the 2017 cyberattack.

The credit-reporting company disclosed the breach in September 2017. Hackers managed to break into its network and access customer names, Social Security numbers, birthdates and addresses. The hack affected 146.6 million Americans as well as people in the UK and Canada.

The Information Commissioner's Office (ICO), which conducted its investigation with the Financial Conduct Authority, found that Equifax held data for longer than necessary and left it vulnerable to hackers.

The investigation was carried out under the Data Protection Act 1998 instead of the EU's stricter GDPR rules, since the incident took place before the latter came into effect.

"We are determined to look after UK citizens' information wherever it is held," Elizabeth Denham, the information commissioner, said in a release. "Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law."

Equifax, in an emailed statement, said it's "disappointed in the findings and the penalty."

"As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect," an Equifax spokesperson said. "The criminal cyberattack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk."
