Equifax’s U.K. arm was fined around $13.6 million Friday for failing to protect the data of millions of British customers in a 2017 hack of the credit-reporting company. The British arm outsourced customer-data processing to the U.S., and then failed to manage or monitor data security, the Financial Conduct Authority said. Hackers accessed sensitive details of about 148 million people in the U.S. and 13.8 million in the U.K.
only learned about the breach five minutes before it was disclosed, and six weeks after the U.S. business knew about the hack, the regulator said. The unit was slow to inform customers and gave them inaccurate information, the FCA said. An executive responsible for U.K. customer security knew earlier that non-U.S. data might have been affected, but was told by a U.S. boss to stop asking questions, the FCA said.