The UK’s Financial Conduct Authority (FCA) says it is investigating the breach of credit rating firm Equifax which leaked records on nearly 700,000 British citizens.
The regulator issued a brief statement today confirming it was investigating the “circumstances surrounding” the breach reported by Equifax Ltd’s US parent Equifax Inc in September.
The breach affected 146 million US consumers that the company held sensitive information about, including Social Security Numbers, birthdates, addresses, and driver’s license numbers.
Equifax’s UK subsidiary earlier this month began posting letters to 693,665 UK customers to warn them they could be at risk of identity theft. That number was far higher than the 400,000 it originally estimated. The breach also exposed records containing the name and date of birth of 14.5 million UK consumers.
Due to a “process failure” the UK records were transferred to the Equifax’s US computers between 2011 and 2016, and were subsequently compromised in a website breach this May.
“The FCA announces today that it is investigating the circumstances surrounding a cybersecurity incident that led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent,” the FCA said.
“This statement is made given the public interest in these matters.”
According to Equifax UK, the attackers accessed 12,086 email addresses that were used to set up an account on its website in 2014 as well as 14,961 consumers Equifax membership details, including username, password, secret questions and answers, and partial credit card details.
Additionally, 29,188 drivers license numbers and 637,430 consumers’ phone numbers were accessed.
Equifax Inc contracted security firm Mandiant to investigate the incident.
The UK’s National Cyber Security Centre (NCSC) said earlier this month it was examining the incident with Equifax, the FCA and ICO.
Sign up for CIO Asia eNewsletters.