In a scene which would not be out of place in a Chuckle Brothers TV show, bungling Equifax bosses have been forced to admit that the firm has once again got it wrong after revealing that 694,000 – and not 400,000 – UK customers had their data stolen in its mass data breach.
As if that was not bad enough, the credit reference and data giant has also changed its mind over whether customers were in danger of financial loss, admitting they may be at risk of “possible criminal activity”.
Four groups of affected UK customers have been identified, and there is some crossover between them: 637,000 whose phone numbers were stolen; 29,000 whose driving licence numbers were stolen; 15,000 who had some of their Equifax membership details, such as usernames and passwords, stolen, and 12,000 whose email address was stolen.
Nearly 14 million further UK records were stolen, but they contained only names and dates of birth.
Equifax European chief executive Patricio Remon said: “Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act.”
Earlier this month, the company was also forced to admit that it had found another 2.5 million compromised records in the States, bringing the total number up to 145.5 million – or half the population of the US.
Since the breach was first revealed on September 8, the firm has been hit by a catalogue of disasters, including the fact that it discovered the hack on July 29, but waited nearly six weeks to warn customers; before it went public on the attack, three Equifax senior executives sold shares in the company worth almost $1.8m; and that the hackers used a vulnerability which was well known in cybersecurity circles.
The breach has also led to the departure of chief executive Richard Smith, chief information officer Susan Mauldin, and chief security officer David Webb. Smith has since been accused of misleading Congress over the cause of the issue.
Equifax chief ‘misled Congress over mass data breach’
Equifax: Oops we’ve found another 2.5m stolen records
Equifax CEO is ‘retired’ as company reels from breach
Equifax blunders on after sending users to fake website
Equifax admits that 400,000 Brits hit by US breach
Flaw on Equifax system was exposed over 6 months ago
44m Brits could be affected by Equifax US data breach
Equifax rocked as mega hack exposes 143m consumers