The Equifax breach is a story that probably won't die anytime soon, and it didn't just affect customers in the US. Because nearly 700,000 UK customers had their personal data exposed, the company is now being investigated by the Financial Conduct Authority.
Millions of people, primarily in the US, were hit by the breach, and the FCA has announced it will be investigating the circumstances surrounding the entire ordeal - primarily because personal data of UK customers was involved and was being stored on US-based servers belonging to Equifax's parent company.
This comes shortly after a letter from the chair of the House of Commons Treasury Committee, asking whether Equifax had violated the terms of its UK operating license and whether or not the FCA had the power to force it to provide compensation for affected customers in the UK.
You'd hope so, particularly since a class action lawsuit was filed against the company in the US last month, seeking billions of dollars' worth of damages. The breach was pretty damn serious, and according to Equifax was the result of a single employee not applying a patch for a vulnerability in Apache Struts - a flaw that was initially identified by US-CERT in March. Shit happens, but I do have to wonder about the state of a company's cybersecurity systems if a single employee's negligence can cause such a major catastrophe.
An Equifax spokesperson had this to say:
“Equifax Ltd is already working closely with the FCA and other authorities: we welcome this opportunity to learn the lessons from this criminal cyber-attack in order for all businesses to better protect consumers in the future. Cybercrime is a real and ever-present risk faced by all companies, so it is important that government, regulators and businesses work together to combat this growing threat. We see today’s announcement as a continuation of that process.”