The enormous Equifax breach has grave implications with millions of people potentially exposed to identity theft and fraud. The company is not doing itself any favours by remaining tight-lipped about UK and Canadian citizens that are affected. We’ve put together a detailed look at the breach, outlined the implications and importantly provided advice on the steps you can take to protect yourself.
Despite revelations that the data of 143 million people was hacked at credit US reporting company Equifax almost a week ago the company remains quiet to the extent that UK consumers have been affected.

It is has been reported that Equifax holds the personal details of 44 million UK citizens but it’s unclear what percentage of these users have been affected.  Equifax has only said, without going into details, that "limited personal information" from British and Canadian residents has been compromised.

The UK’s Information Commissioner’s Office (ICO), the UK’s data privacy watchdog, said it had advised Equifax to “alert affected UK customers at the earliest opportunity.” However, it has no mandatory powers to force it to do so.

At the time of writing the ICO said it is in communication with Equifax but as yet has had no update on how the breach may have affected UK citizens. 

Things you need to know

You may not think that Equifax holds any data on you but this would be a mistake.
  • Every UK adult has a credit score
  • The information in your credit report comes from companies that have extended you credit in the past
  • This can include credit card companies, banks, retailers, mortgage lenders, vehicle leasing, mobile phone contracts and more
  • These companies report the details of your credit activity to the credit reporting agencies

In the UK there are three main credit reporting agencies: Experian, Equifax and Callcredit.
According to the Clearscore website:
  • 76% of lenders use Experian
  • 54% of lenders use Equifax.
  • 30% of lenders use Callcredit which is a relatively new agency provides a list of which lenders use which credit reporting agencies. You can find it here.

What sort of information might Equifax hold?

Although each credit reporting agency reports information differently, they basically all hold the same categories of information.
  • Date of birth
  • Address
  • Employment information
  • Credit account information and payment histories including outstanding loan agreements and utility company debts
  • Court judgments, bankruptcies, debt relief orders, individual voluntary arrangements and administration orders

Dangers and concerns – identity theft and fraud

Equifax said "limited personal information" on UK and Canadian citizens had been filched during the hack.
This is extremely unhelpful and you can read into it what you will. Equifax is engaged in a damage limitation exercise and its definition of "limited personal information" may well be different than yours or mine.

However, in the interests of self-preservation it’s safer to assume that the fraudsters have got hold of information that can be used for fraud such as your name, address and credit histories.

The big concern with this hack is:
  • The stolen information is circulated on the dark web, offered for sale to would-be fraudsters and identity thieves
  • It’s available for years. In fact, the attackers may well hold onto the information and not try to sell it immediately until time has passed and the dust has settled
  • The stolen information is used to apply for credit cards and loans or open banks accounts or even mortgages

In a nutshell, despite Equifax’s claims that "limited personal information" on UK and Canadian citizens has been lost the data is still personal. And as such is a potential goldmine for identity thieves.
  • If someone gets your personal data they can cause a lot of damage. If they can see that you have a good credit score all the better, if not, it won’t stop them trying to use your information.
  • Identity thieves and fraudsters can open an account in your name, gain a loan which goes into the account and then empty it.
  • If a loan, for instance is granted using your data, lenders start chasing you when repayments aren’t made, threatening court orders and bailiffs. And of course, your credit rating is adversely affected.

BullGuard protects your devices from spies, hackers and malware


What can you do to protect yourself?

  • The first step is to monitor your credit report. This will reveal whether any credit applications have been made in your name.
  • In the US Equifax is offering affected citizens free credit monitoring for a year. In the UK this has not yet happened, if it will at all.
  • Morally there is a burden of responsibility for Equifax to right its wrongs. You can contact Equifax in the UK on 0845 603 3000 which is the Customer Service Helpdesk, and put this point and your concerns across.
  • MoneySavingExpert provides advice and guidance on how to access your credit report and how to do so for free. The link is here.

Long term security – steps you can take

In the first instance if you think you have been the victim of identity fraud, you should report it to your bank and to Action Fraud to receive a police crime reference number.

Action Fraud is the UK’s national fraud and cyber-crime reporting centre.
The organisation provides a dedicated web page for fraud reporting. You can find it here.

In the long term you need to consider a security product like BullGuard Premium Protection, if you’re not already using it, which protects against identity theft and fraud.
  • There is a very real and valid concern that the attackers who stole the Equifax data won’t put the data up for sale for some time, until the free one year’s credit monitoring offered to affected US citizens expires.
  • Because Equifax won’t yet release details about UK and Canadian citizens this stolen data could be used immediately. However, the attackers may also decide to ‘keep it in the bank’ until media interest has moved elsewhere and cyber detectives are engaged in other matters.
  • This means that stolen data could be vulnerable to exploitation for years to come.
  • BullGuard Premium Protection alerts you when your personal information is used online whether that is tomorrow or 18 months from now.
  • You simply enter the information you want to protect such as your name, address, phone number and it searches the web 24/7 for these details.
  • If a fraudster attempts to use any of your information such as a name and address to make a fraudulent loan application you receive an immediate alert, enabling you to take remedial action.
  • You can also protect other information such as bank account numbers, passwords, email addresses, credit card and passport numbers and driver license details.

It may well be that only a small percentage of UK and Canadian citizens have been affected by the breach but until Equifax comes clean we won’t know.

While silence doesn’t imply guilt within the context of this breach it is ominous. Time and time again large organisations have lost millions of customer records and they’re often slow to put their hands up.
As such the onus falls on us as individuals to protect our personal data.

We’ll keep you updated as more is revealed.