Equifax ups its estimates of British victims of hack to 700,000

by

Former Equifax US boss Richard Smith resigned after the data breach was reported (Source: Getty)

Equifax today revised up its calculation of how many British consumers may have had personal information stolen earlier this year, revealing the hack on the credit reporting agency compromised the records of almost 700,000 people.

Previous estimates of the effect of the hack, first discovered at the end of July, had pegged the number of Brits affected at 400,000.

Equifax was forced to acknowledge the extra exposed data after Mandiant, the US cybersecurity firm investigating the breach, found an extra trove of stolen data.

Read more: Human error and tech to blame for Equifax hack, ex-CEO tells congress

A large majority of the British victims, including people who had never knowingly used Equifax before, had phone numbers stolen. However, 27,000 customers of Equifax had email addresses, usernames, log-in details and partial credit card details taken.

The firm believes the hackers were not able to access full credit card information, but it will offer customers its identity protection service for free, along with similar services from rivals such as Experian.

Equifax started sending letters to the 693,665 affected people today, as part of a massive and costly operation to undo the damage, which emerged from a breach at the larger US parent.

Read more: Equifax's data breach is worse than was previously thought

The chief executive of the firm has since resigned, after it was revealed that more than 143m records were taken in the US. Some 15m records were exposed in the UK, although many were nonsense data or nonsense data.

Patricio Remon, Equifax president for Europe, said protecting client data was the company’s “top priority”.

He said: “Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act.

“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed.”

Read more: DEBATE: Do we need stricter regulation to prevent data breaches?