In 2017, Equifax suffered a massive cybersecurity breach that exposed personal data of around 13.8 million UK consumers. The leaked data included names, birth dates, phone numbers, partial credit card details, and addresses. The breach was linked to Equifax's inadequate oversight of its data outsourcing to its US parent company, resulting in preventable vulnerabilities. Equifax's delayed response to the breach and subsequent mishandling of customer complaints highlighted a failure in maintaining adequate cybersecurity measures and an insufficient complaints management system.
Source: https://www.fca.org.uk/news/press-releases/equifax-ltd-fine-cyber-security-breach
TPRM report: https://scoringcyber.rankiteo.com/company/equifax
"id": "equ409051424",
"linkid": "equifax",
"type": "Cyber Attack",
"date": "09/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '13.8 million',
'industry': 'Credit Reporting',
'location': 'United Kingdom',
'name': 'Equifax',
'type': 'Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '13.8 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Credit Card Details']},
'date_detected': '2017-09-07',
'date_publicly_disclosed': '2017-09-07',
'description': 'In 2017, Equifax suffered a massive cybersecurity breach that '
'exposed personal data of around 13.8 million UK consumers. '
'The leaked data included names, birth dates, phone numbers, '
'partial credit card details, and addresses. The breach was '
"linked to Equifax's inadequate oversight of its data "
'outsourcing to its US parent company, resulting in '
"preventable vulnerabilities. Equifax's delayed response to "
'the breach and subsequent mishandling of customer complaints '
'highlighted a failure in maintaining adequate cybersecurity '
'measures and an insufficient complaints management system.',
'impact': {'brand_reputation_impact': 'Significant',
'customer_complaints': 'High',
'data_compromised': ['Names',
'Birth dates',
'Phone numbers',
'Partial credit card details',
'Addresses'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'lessons_learned': 'Importance of adequate cybersecurity measures and '
'efficient complaints management system',
'post_incident_analysis': {'root_causes': 'Inadequate oversight of data '
'outsourcing'},
'references': [{'date_accessed': '2023-10-05',
'source': 'Equifax',
'url': 'https://www.equifax.co.uk/'}],
'title': 'Equifax Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Inadequate oversight of data outsourcing'}