Equifax has revealed that 15.2 million UK records were stolen in its recent data breach rather than the 400,000 initially claimed.
It was the UK’s National Cyber Security Centre (NCSC) that initially revised the figure upwards, shortly followed by Equifax.
In practice this means that the details of 693,665 UK consumers have been compromised, including names and addresses.
The blighted credit reference agency says it now plans to inform these people by post that their personal information may now be in the hands of hackers and cyber fraudsters, though it clearly won’t use this type of language.
In a statement, Equifax says, somewhat disingenuously: “Whilst this does not introduce any significant risk to these people Equifax is sorry that this data may have been accessed.”
We have no idea how Equifax is assessing the potential for harm when it underplays the threat of ‘significant risk’ to those people whose records have been leaked, but it further says:
“…we have been able to place consumers into specific risk categories and define the services to offer them in order to protect against those risks and send letters to offer them Equifax and third-party safeguards with instructions on how to get started.”
This probably means that those affected will receive letters that offer services designed to protect their compromised identities.
Equifax is clearly an organisation that is in trouble and it’s questionable whether it will survive long term.
However, some of the behaviour following the mega data breach, such as two senior executives selling off shareholdings before the breach was made public, undermines its integrity even further.
At the same time the company said it had not yet started notifying affected UK consumers because it was waiting until a full forensics investigation was completed.
With this in mind it’s difficult to be fully confident in how the company is responding to the breach, so people who know for certain that Equifax holds data on them should:
- Be wary of phishing emails that request personal information. It’s not unlikely that quick-thinking hackers would even impersonate Equifax.
- Be wary of cold telephone calls that also try to elicit personal information
If you receive a cold call or what you suspect is a phishing email, don’t reply; instead, contact the company in question yourself and confirm whether they called you or sent you an email.
It’s worth keeping in mind that no reputable organisation will contact you and ask for your personal information such as passwords.
National Cyber Security Centre
The fact that the NCSC, part of GCHQ, is also involved in the investigations around the data breach underscores just how serious it is and the potential for large-scale fraud.
The NCSC was set up a little over one year ago to combat the growing threat of cyber fraud and malware.