2 min read

Up to 44 million UK consumers may have had their identity put at risk after Equifax hack


September 12, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Up to 44 million UK consumers may have had their identity put at risk after Equifax hack

By now, you’ve no doubt read the news stories about the massive data breach at credit-reporting service Equifax which has put 143 million US customers at risk of identity theft.

Hackers stole personally identifiable data including social security numbers, dates of birth, addresses, and driving license information – alongside (in the case of some 209,000 consumers) credit card information.

But you would be wrong to think that it is only consumers in the United States who are at risk because of the breach.

Equifax has admitted that it also “identified unauthorized access to limited personal information for certain UK and Canadian residents.”

What Equifax doesn’t say in its advisory is just how many UK and Canadian citizens might be at risk, but a report from The Telegraph puts the number of potential British victims at 44 million.

Considering that the estimated population of the UK (including children who I would argue are less likely to be being having their credit rating checked) is about 65 million, that’s a frankly catastrophic figure.

And don’t imagine for a second that because you may have never heard of Equifax, or done no business with them, that you have somehow escaped from being affected by this breach. Many companies in the UK use Equifax’s credit-cehcking services when deciding if they want to take you on as a customer or not.

In short, you may never have had any direct dealings with Equifax, but they may still have had your personal data – and it may now be in the hands of hackers.

Things only get worse when you recognise just what it means to have key personal data such as names, dates of birth, and social security numbers (although these aren’t used in the UK) are exposed.

If, say, your password is exposed through a website breach you can always change your password. But try changing your date of birth, or your name… you’re stuck with them for life.

Identity thieves can use personal information such as dates of birth, names, addresses and social security numbers to fraudulently open accounts, take out loans and credit cards, or even buy a house… all without you knowing, and yet it’s you ultimately which might find yourself with a damaged credit rating as a result.

It’s no wonder, as The Telegraph quotes, that the likes of BT are keeping a close eye on the developing story:

“We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”

In many ways I’m reminded of how T-Mobile’s CEO was unable to disguise his anger when Experian, a company tasked with credit-checking the phone company’s users, suffered its own data breach exposing social security numbers and other personal information two years ago.

You can’t help but feel some sympathy for the companies which placed their trust in Equifax, believing that the firm would take proper care of consumers’ information.

But most of all I feel sorry for the many millions of consumers who are currently utterly oblivious that their identities are at risk, and the potential problems they might face in the future.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like