Posts Tagged: equifax UK breach


10
Oct 17

Equifax Hackers Stole Info on 693,665 UK Residents

Equifax Inc. said today an investigation into information stolen in the epic data breach the company disclosed on Sept. 7 revealed that intruders took a file containing 15.2 million UK records. The company says it is now working to inform 693,665 U.K. consumers whose data was stolen in the attack.

equihaxPreviously, Equifax said the breach impacted approximately 400,000 U.K. residents. But in a statement released Tuesday, Equifax said it would notify 693,665 U.K. consumers by mail that their personal information was jeopardized in the breach. This includes:

-12,086 consumers who had an email address associated with their Equifax.co.uk account in 2014 accessed.
-14,961 consumers who had portions of their Equifax.co.uk membership details — such as username, password, secret questions and answers, as well as partial credit card details — accessed
-29,188 consumers who had their drivers license numbers accessed
-637,430 consumers who had their phone numbers accessed

The numbers include data that Equifax held on U.K. consumers as far back as 2011, the company said. Equifax did not say whether any of the above-mentioned data was encrypted.

Meanwhile, the U.K.’s National Cyber Security Centre is warning residents to be on their guard against phishing attacks made to look like communications from Equifax about the breach.

“Another risk to UK citizens affected by this data breach is that they could be on the receiving end of more targeted and realistic phishing messages,” the NCSC wrote. “Fraudsters can use the data to make their phishing messages look much more credible, including using real names and statements such as: ‘To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number’. These phishing messages may be unrelated to Equifax and may use more well known brands. It is unlikely that any organisations will ask their customers to reset security information or passwords as a result of the Equifax breach, but this may be a tactic employed by criminals.”

ANALYSIS

Equifax has been widely criticized for continuously bungling their public response to this still-unfolding data disaster, and today’s update about the extent of the breach in the U.K. was no exception. The Equifax Web site that hosts today’s press release serves “mixed content,” meaning it includes elements that are served over both encrypted and unencrypted pages. The practical effect of this varies depending on which browser you’re using, but some browsers will display a security warning when this happens.

That mixed content error may have something to do with a missing image in the press release. That press release was supposed to include an image that breaks down what exactly was stolen from U.K. residents — as detailed in the bulleted list above — but apparently the graphic was either removed or moved pre- or post-publication. Here’s what the press release looks like in Firefox (Equifax still hasn’t fixed this): Continue reading →