The UK’s Information Commissioner’s Office (ICO) has hit credit monitoring firm Equifax with its maximum penalty for the company’s actions related to its massive 2017 data breach. The £500,000 fine was issued for Equifax’s failure to protect data belonging to 15 million UK residents. Nearly 700,000 of those had email addresses, phone numbers, driver’s license numbers and username and password combinations stolen.
Because the Equifax breach occurred prior to the inception of the GDPR in May of this year, the fine was issued under the UK Data Protection Act of 1998. Had the breach happened after that date, Equifax might have faced a €20 million fine, or 4% of its annual global revenue, whichever is greater.
In a statement, Information Commissioner Elizabeth Denham said, “Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”
Read the full story on cyberscoop.com