In the wake of the Equifax data breach it was thought that less than 400,000 UK customers were hit, in fact nearer 700,000 were left vulnerable and 15 million UK records had been targeted.
The discovery of the true UK figure was made when the firm identified a further stolen file, proving to be yet another damning oversight in the handling of the major cyber incident.
Equifax has said that the additional customers have been contacted, with passwords, email addresses, phone numbers, driving license number and card details potentially stolen.
Initially the credit rating firm reassured customers that the data accessed in the breach was not critical enough that theft was likely, but security professionals have disputed this.
Following the colossal breach, both the CIO and the CSO resigned, and in the days following this, the CEO also stepped down due to the poor handling of the situation. The blundering response to the incident is even more shocking due to the fact that GDPR is near at hand, arriving in May 2018.
The story of cyber disaster for Equifax began before the major summertime breach, with the company admitting to another incident earlier this year. Equifax did at least bring the independent cybersecurity firm, Mandiant, on board to investigate both attacks, but this has not assuaged the concern caused by the company’s lacking communication.
Communication from the company when the Equifax data breach hit was non-existent to begin with, leaving the UK’s National Cyber Security Centre to raise awareness to the result of the attack. The prompt announcement of data breaches will be a focus area of GDPR, with penalties threatening organisations that fail to inform quickly enough.
News of the true extent of the numbers of UK customer hit by the breach comes at a time when the nation is still reeling from the crippling effect of the WannaCry ransomware attack, a standout incident that raised general cyber awareness massively.