On October 13, 2023, the Financial Conduct Authority (FCA) imposed a fine of US$13.6 million on Equifax Limited (Equifax), a company specializing in credit reference, data analytics, and technology services.

To know more, click here https://www.fcctimes.com/2023/10/16/equifax-fined-11-million-for-massive-cybersecurity-breach-affecting-uk-consumers/

This penalty resulted from Equifax’s failure to adequately oversee and secure UK consumer data that had been outsourced to its US-based parent company, Equifax Inc., in 2017, which was subjected to one of the largest cybersecurity breaches in history. Cyber-hackers gained access to the personal data of approximately 13.8 million UK consumers because Equifax outsourced data to Equifax Inc.’s servers in the US for processing.

Furthermore, Equifax mishandled its response to the data breach by failing to promptly notify affected individuals and maintain quality assurance checks. This failure led to unfair treatment of consumers. Regulated financial firms are held responsible for the data they outsource, requiring effective cybersecurity measures and timely responses to data breaches. This case underscores the critical importance of data protection in the financial sector.

The penalty adds to the significant costs incurred by its parent company, which, in 2019, agreed to pay almost US$800 million in a record settlement with US regulatory authorities after hackers obtained the data of nearly 150 million Americans.