Equifax Hack - Where is the Accountability?

[HanaBi]

US Credit Agency, Equifax, was hacked on a very major scale in May of this year. But Equifax only admitted this two months later, and even then were very conservative with regards numbers involved, and exactly what personal information had been stolen.

It wasn't until September that Equifax bosses were a little more forthcoming and admitted that over 140 million of its US customer records had been compromised. And it further admitted that 400,000 British customers had also been affected.

And now this month, Equifax released more bad news: it wasn't 400,000 UK customers, but just under 700,000, compromising over 14 million PI records held since 2011. These records, according to Equifax, "only" contain names and dates of birth. But according to the National Cyber Security Centre, hackers could well have taken security questions/answers, telephone numbers, email addresses etc.

Add all that together and a complete user profile is possible. Just the sort of thing that would appeal to the criminal fraternity.

But the good news is Equifax are "Sorry!" And their share price on the Stock Exchange, has recovered.

So that's okay then!

For those who have accounts with Equifax, it would be best to either update your password, or better still go elsewhere.

Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLION

 

[Brian G Turner]

It's similar with Yahoo - it turned out that every single Yahoo account had been compromised, but was not mentioned until after the sale of the company ...

 

[BAYLOR]

I think that a apology just won't cut it .

 

[Caledfwlch]

The shocking thing about Credit Reference Agencies in the UK, is that there is very, very little Legislation regarding them.
Pretty much, the only specific legislation is the one that grants them the right to exist, and that's about it
They are also STILL, when Private individuals complain and demand they remove incorrect/inaccurate/false data trying to brush them away with their ludicrous claims that they have no responsibility towards the data they attach to an individuals name, that it is all down to the financial institution that actually uploaded the information, and the customer should approach that company and try to get them to agree to alter the incorrect data. So, they are basically saying "it's not our fault or job Guv, we are simply storing this for other people, go away"

The problem is, they lost Court Cases regarding this, so a Legal Precedent has been established, that the CRA's are not Data Holders, but Data Controllers, which means the full majesty of the Data Protection Act applies, and if they continue to display incorrect or false data, after a consumer has alerted them that it is wrong, the consumer has every right to sue for damages. Something that wasn't possible until the Court Actions created the precedent.

These companies are already wielding a disturbing amount of both Power and utter unaccountability, it's time the Government stepped in to protect the Consumer. In the UK, a few companies were sued and prosecuted when it was discovered that various factions within the Construction Industry were maintaining a secret blacklisting database, blacklisting workers for example, because they belonged to a Union.
Most people in the UK don't realise that there is also a highly secretive Credit Reference Agency called "National Hunter"
And the secrecy must be a breach of Consumers Rights - how can you stand upon your rights, and see what data is held on you, when all the banks, financial institutions never tell you National Hunter exist? National Hunter themselves, never advertise.
The banks tell you to go to Experian, Equifax, and Callcredit, they never tell you to check National Hunter.

In my opinion, there should be an urgent Legislative change, that excludes CRA's from being allowed to charge you a fee to see what Data they hold on you. You have already paid them/made them money by the very fact, they use the data they hold on you to make profit, allowing other companies access, selling the info for Marketing and so on.

 

[HanaBi]

Hopefully the implementation of the "General Data Protection Regulation" in May 2018, may swing some of that power back towards the consumer in terms of data storage/access accountability. This is an EU initiative, which may still be regulated by our sitting government of the day, should the UK ever leave the European Unit via Brexit.


General Data Protection Regulation - Wikipedia