A cyber attack on a credit rating agency threatening the data of up to 44 million people in the UK has been branded an “unmitigated disaster” by security experts.
The response of US-based Equifax to the massive breach, in which it lost the personal information of 143 million people to hackers, has also been criticised.
The hack compromised a wealth of personal data, including names, birthdays, addresses and social security numbers – as well as credit card numbers for more than 200,000 people.
The firm admitted UK consumers were affected by the breach but did not say how many, however the company is understood to hold the data of 44 million British consumers.
Video: Minister says it is ‘incredibly important’ people know how to react to hack
British customers of companies, including BT, Capital One, and British Gas, are believed to have been affected by the breach which was discovered to have run between mid-May and 29 July.
Robert Pritchard, founder of The Cyber Security Expert, and an associate fellow of the defence think tank, the Royal United Services Institute (RUSI), told Sky News the breach was “an unmitigated disaster”.
“Especially for Americans who use their social security numbers as a means of verifying their identities,” he said.
“It isn’t clear how much UK data was kept in the US, and hence how many people in the UK might be affected.”
Mr Pritchard added: “Equifax’s response has been extremely poor.”
The company took 40 days to inform the public that it had been hacked and there was outrage after it emerged three senior executives at the New York Stock Exchange-listed firm had sold-off shares worth almost $1.8m (£1.4m) before the breach was publicly disclosed.
Image: Concerned members of the public have been advised to Action Fraud
The UK data watchdog, the Information Commissioner’s Office (ICO), said it is investigating the incident and has urged Equifax to contact affected customers as soon as possible.
In a statement the National Cyber Security Centre (NCSC) said it was “aware of a cyber incident” that had affected Equifax, and encouraged the public to contact Action Fraud if they believe they have been the victim of cyber crime.
Matt Hancock MP, the minister for digital, said: “Clearly making sure that people have good cybersecurity – and then when there’s an incident making sure that people know the consequences of that – is incredibly important.”
:: How to react?
You should never respond to unsolicited phone calls or emails.
People should also monitor their credit report, which will show any credit accounts set up in your name.
If you believe you have been the victim of identity fraud, you should report it to your bank and to Action Fraud to receive a police crime reference number.