
MPs To Question Equifax Over Delay In Data Breach Report

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe

MP demands to know why it took so long for Equifax to report breach and why it has not contacted consumers

The fallout for credit monitoring company Equifax continues after its admission of a hugely damaging data breach that took place in the summer.

The head of the House of Commons Treasury Committee is now demanding answers, including why it has taken so long for the firm to notify users of the breach.

The data breach affected approximately 143 million US consumers, but earlier this week Equifax said that nearly 700,000 UK consumers had been affected. This was a lot more than the 400,000 UK consumers it had initially thought were impacted.


Demanding Answers

And it seems that Nicky Morgan MP, Chair of the Treasury Committee, is not at all happy at Equifax’s response so far to the data breach.

She has written to the chief executive (Patricio Remon) of Equifax Limited (the UK operation) asking for further details about the scale of the breach, and what compensation it will provide.

She is also demanding answers from Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), including whether the FCA is considering further action against the firm.

“Equifax has taken too long to notify those affected by its widespread cyber-security breach,” said Mrs Morgan. “People have been left in the dark for too long, which has increased the risk that they fall victim to identity theft and fraud.”

Morgan’s frustration comes after Equifax admitted the ‘cybersecurity incident’ in the first week of September.

However, the firm had actually discovered the hack in late July (a delay of over a month), after hackers apparently “exploited a US website application vulnerability to gain access to certain files”.

“It is particularly concerning that the breach occurred in a business that sells identity protection services, and is looking to take advantage of the commercial opportunities afforded by data sharing initiatives, such as Open Banking,” Mrs Morgan went on.

“Mr Remon has said that the immediate focus of Equifax is to ‘support those affected by this incident’,” said Mrs Morgan. “The Treasury Committee will hold him to these words, and will consider taking public evidence from Equifax, particularly if it does not receive a full and timely response to these questions.”

In her letter to Mr Remon, Mrs Morgan also demanded an explanation of the process that allows data of UK consumers to be transferred to the US parent company.

“Why has Equifax chosen not to contact, or offer any support, to individuals who have had name and date of birth data compromised?” she demanded.

Morgan said she wants a reply by 24 October.

US Grilling

Equifax for its part has previously said it is working with the FCA and the Information Commissioner’s Office (ICO) in the UK.

And it should be noted that Equifax has already been hauled up before the US Congress over the matter.

Former Equifax CEO Richard Smith, who resigned over the matter, appeared last week on Capitol Hill to answer hard questions from lawmakers.

He also took heated criticism of his handling of a breach that exposed personally identifiable information on 145.5 million Americans.
