The information commissioner said it was investigating how the hack on Equifax, a US credit rating firm, affected UK customers, many of whom will be unaware their data is held by the company.
Equifax and its UK subsidiary companies state on their websites that they represent British clients including BT, Capital One and British Gas.
There are fears that customers of these companies could now be affected. BT said that “many companies in the UK” used Equifax services and said that it was “monitoring the situation closely”.
The Information Commissioner’s Office (ICO) has urged Equifax to alert affected UK customers as soon as possible, and said it will work with the relevant overseas authorities on behalf of British citizens.
Equifax says it holds the personal details of 44 million UK citizens but many British victims will be unaware they have had details stolen as they will not directly be Equifax customers.
Equifax admitted hackers had exposed the personal data of 143 million customers in the US, which was stolen between mid-May and July this year due to a vulnerability on its website.
However the hack was not made public until now.
The stolen information includes names, social security numbers, dates of birth, addresses and, in some instances, driver’s licence details. It is also thought that around 209,000 credit card numbers were also stolen.
Equifax said: “limited personal information” from British and Canadian residents had been compromised.
ICO Deputy Commissioner James Dipple-Johnstone, said: “Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern.
“We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised.
“We will be advising Equifax to alert affected UK customers at the earliest opportunity. “In cyber attack cases that cross borders the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”
A spokesman for BT said: “We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”
The attack was described as one of the largest in US history. Avivah Litan, a analyst who monitors ID theft and fraud for the technology and research company Gartner saud: “”On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data.”
It has since emerged that three senior executives at Equifax sold shares worth a combined $1.8m (£1.3m) a few days after the company discovered it had been hacked. However, Equifax said the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares”.
Richard Parris, CEO and Chairman of security company Intercede: “Equifax’s data breach is an example of the type of breach we should not be seeing today, and it’s worrying that calls for change are falling on deaf ears.
“Companies like Equifax are supposed to be the bastions of customer data. Yet, as has worryingly become commonplace today, businesses are continuing to neglect how they protect customer data – and even their own data. ”
A BT spokesman said: “We are aware of the developing story and are monitoring the situation closely.
“Like many companies in the UK, BT uses Equifax services. “We are working on establishing whether this breach has any impact on those services.”
The company has set up an advice section on its website for those affected in the hack and said it would provide free identity theft protection and credit file monitoring to all US customers.
SOURCE : Telegraph.co.uk