
Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK’s privacy watchdog for last year’s massive data breach, which exposed the personal and financial data of hundreds of millions of its customers.

Yes, £500,000—that’s the maximum fine allowed by the UK’s Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion company.

In July this year, the UK’s data protection watchdog imposed the maximum allowed fine of £500,000 on Facebook over the Cambridge Analytica scandal, saying the social media giant failed to prevent UK citizens’ data from falling into the wrong hands.

Flashback: The Equifax Data Breach 2017

Equifax suffered a massive data breach last year between mid-May and the end of July, exposing highly sensitive data of as many as 145 million people globally.

The stolen information included victims’ names, dates of birth, phone numbers, driver’s license details, addresses, and social security numbers, along with credit card information and personally identifying information (PII) for hundreds of thousands of its consumers.

The data breach occurred because the company failed to patch a critical Apache Struts 2 vulnerability (CVE-2017-5638) on time, for which patches had already been issued by the respective companies.
