The fallout for credit monitoring company Equifax continues after its admission of a hugely damaging data breach that took place in the summer.
The head of the House of Commons Treasury Committee is now demanding answers, including why it has taken so long for the firm to notify users of the breach.
The data breach affected approximately 143 million US consumers, but earlier this week Equifax said that nearly 700,000 UK consumers had been affected. This was a lot more than the 400,000 UK consumer it had initially thought were impacted.
And it seems that Nicky Morgan MP, Chair of the Treasury Committee, is not at all happy at Equifax’s response so far to the data breach.
She has written to the chief executive (Patricio Remon) of Equifax Limited (the UK operation) asking for further details about the scale of the breach, and what compensation it will provide.
She is also demanding answers from Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), and whether the FCA is considering further action against the firm.
“Equifax has taken too long to notify those affected by its widespread cyber-security breach,” said Mrs Morgan. “People have been left in the dark for too long, which has increased the risk that they fall victim to identity theft and fraud.”
Morgan’s frustration comes as Equifax had admitted the ‘cybersecurity incident’ in the first week of September.
However, the firm had actually discovered the hack in late July (a delay of over a month), after hackers apparently “exploited a US website application vulnerability to gain access to certain files”.
“It is particularly concerning that the breach occurred in a business that sells identity protection services, and is looking to take advantage of the commercial opportunities afforded by data sharing initiatives, such as Open Banking,” Mrs Morgan went on.
“Mr Remon has said that the immediate focus of Equifax is to ‘support those affected by this incident’,” said Mrs Morgan. “The Treasury Committee will hold him to these words, and will consider taking public evidence from Equifax, particularly if it does not receive a full and timely response to these questions.”
In her letter to Mr Remon, Mrs Morgan also demanded to an explanation of the process that allow data of UK consumers to be transferred to the US parent company.
“Why has Equifax chosen not to contact, or offer any support, to individuals who have had name and date of birth data compromise,” she demanded.
Morgan said she wants a reply by 24 October.
Equifax for its part has previously said it is working with the FCA and the Information Commissioner’s Office (ICO) in the UK.
And it should be noted that Equifax has already been hauled up before the US Congress over the matter.
Former Equifax CEO Richard Smith, who resigned over the matter, appeared last week on Capitol Hill to answer hard questions from lawmakers.
He also took heated criticism of his handling of a breach that exposed personally identifiable information on 145.5 million Americans.
Do you know all about security in 2017? Try our quiz!
After previously expressing its concern, the British Government now confirms a national security review of…