United Kingdom: Issued ruling in FCA investigation into Equifax on cyber-security breach

On 13 October 2023, the UK Financial Conduct Authority (FCA) issued a ruling in its investigation into Equifax, imposing a GBP 11'164'000 fine concerning the company's 2017 data breach where cyber-hackers accessed the personal data of more than 13.8 million people in the UK. The Authority found that the cyberattack and unauthorised access to data was entirely preventable and that Equifax failed to properly manage customers' data in the face of known security flaws, especially in terms of data sharing with its parent company in the US. Additionally, the incident response was not properly managed, with misleading declarations to the UK public minimising the impact of the data breach.