back to article Eight months after Equifax megahack, some Brits are only just being notified

Some of the 15 million Britons affected by the Equifax mega-hack are only now receiving letters notifying them that they were affected by the breach, eight months after the event. As we reported in September 2017, Equifax confessed to having been hacked, upping the number of affected people in the following weeks to a 145 …

  1. Chris G Silver badge


    "We have contacted Equifax for comment and its PR agency has promised to send us a timeline of the credit reference agency's efforts to contact hack victims. We will update this article if it responds. ®"

    If their performance so far is anything to go by, you should have something from them around mid October.

    1. Commswonk Silver badge

      Re: Timely

      If their performance so far is anything to go by, you should have something from them around mid October.

      Yes... all well and good... but mid October which year?

    2. kain preacher Silver badge

      Re: Timely

      Naw I expect the response to get lost in the post .

    3. CrazyOldCatMan Silver badge

      Re: Timely

      you should have something from them around mid October

      And it'll be a request for all sorts of data "just to make sure that we know it's you". Or, as I explained to someone who purported to be from my credit-card company (unsolicited call: "we just want you to know about some offers but first we need you to identify yourself". My response was "since I don't have a clue who you are, why don't you tell me something from my account to identify yourself first?". She got quite shirty and kept insisting that I identify myself. The phone suffered a service disconnection event shortly afterwards..)

      All of which data will, undoubtedly find its way into the public view either by incompetence or greed. Or incompetent greed..

  2. damiandixon

    Who was the data collated for

    Having had my fingers burnt with this one I would like to know who the data was collated for.

    So far Equifax has been very quiet on this.

    The identity monitoring tool of thiers is not particularly good. It keeps emailing me to tell me that its found something. I'm reluctant to sign up for the more intrusive monitoring as you have to give them even more personal information and given that they have already lost a load of personal information it does not bode well for trusting them to keep the data safe.

  3. Jay Lenovo Silver badge

    Equifax Fire Monitoring Service

    Eight months ago you may have been a victim of a fire. In fact, you could be on fire now, or could be in the future.

    I know you will be concerned about what this means for you and how we will support you. Call between 8am-8pm. We will not call or email you unless you ask us too.

  4. Anonymous Coward
    Anonymous Coward

    promised to send us a timeline

    watch this space, c. 2020.

  5. StuntMisanthrope Bronze badge

    Different palm strokes for different folks.

    When are they losing, whichever bullshit license they operate under and closing the door. They serve no purpose, other than badly presenting inaccurate information (and charging to put right); to gild a made up number, used to falsely inflate peoples creditworthiness (bad tings TM) or unduly punish the poor or unlucky. #gotojaildonotpassgo

  6. Anonymous Coward
    Anonymous Coward

    The cupboard is bare....

    Given the amount of time that hackers had access to Equifax's system February - June it is not unreasonable to assume all 980 million individual and 90 million corporate records have been taken. No company would ever admit to a theft on that scale unless forced by law to do so, they would provide numbers which sound plausible but are far from reality.

  7. sloshnmosh

    I don't understand why..

    users don't just use Equifax's data breach checking tool to see if they were affected?

    Oh, wait...

  8. Anonymous Coward
    Anonymous Coward

    Not exactly responsible behavior

    Equifax and many other companies who have been hacked have little incentive to tell the world about their negligence. There should be massive fines for such negligence and greater fines if affected customers are not notified within 30 days. These companies are very cavalier about other people's personal data and the nightmare outcome from exposure of this data.

    1. DontFeedTheTrolls Silver badge

      Re: Not exactly responsible behavior

      The problem with extreme fines is liquidation - if the fines are too large the companies can (and do) shut down. Look at the ICO fines for spam calls and texts

      Jail time for the Directors should be considered.

  9. greenwood-IT

    GDPR Deadline...

    Equifax better get a move on - if my notification of the hack arrives after May 25th I'll be up for 2% of their global revenue won't I? :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR Deadline...

      That's a good point, do equifax and other credit agencies have to get my consent? The only notification on the website is that I can access my credit check for free once GDPR kicks in.

    2. nagyeger

      Re: GDPR Deadline...

      I thought it was 4% PLUS damages/time/etc?

      After all, if they're failing to protect your rights, (72hour notification...) and on top of that they're causing significant stress, hair-loss, sleep-loss, humour-loss....

  10. Anonymous Coward
    Anonymous Coward

    And yet world+dog drags Zuck over the coals

    If only 1% of the anti-Facebook ire were aimed at Equifax.

    1. Anonymous Coward
      Anonymous Coward

      Re: And yet world+dog drags Zuck over the coals

      Alas you have no choice, you can't avoid Equifax unless you live in a self sustaining cabin in the woods with no utilities, no bank account, and no accounts with companies that offer credit of any type.

      Aiming ire at Equifax would be like trying to herd cats.

  11. Torchy

    UK National's data stored on a non UK server?

    What was UK national's data doing on a US based server?

    We have laws in place that state that this practice should not happen.

    Why is the UK's Information Commissioner not involved?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019