Equifax has admitted that almost 700,000 UK consumers have had their personal details accessed following a cyber-attack, a figure far higher than previously thought.
The information held by the American credit monitoring firm included partial credit card details, phone numbers and driving licence serial numbers.
Equifax – based in Atlanta, Georgia – discovered the hack in July but only informed consumers last month, leading the information commissioner to order the company to inform British residents “at the earliest opportunity” if their personal information had been put at risk.
The move came after Equifax said a hack had exposed the social security numbers and other data of about 143 million Americans.
Lenders rely on the information collected by credit bureaux such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.
Equifax said a file containing 15.2m UK records, dated between 2011 and 2016, was hacked and included data from “actual” consumers, as well as test and duplicate data.
The company said its investigation found that it would need to contact 693,665 British consumers by post to tell them how to protect against any potential risk.
Almost 13,000 consumers had an email address associated with their Equifax.co.uk account accessed in 2014, while just under 15,000 consumers had portions of their Equifax membership details – such as username, password, secret questions and answers and partial credit card details – accessed.
It said nearly 30,000 had their driving licence number accessed, while the phone numbers of a further 637,430 consumers were accessed.
Patricio Remon, Equifax’s Europe chief, again apologised to anyone affected by the hacking.
“It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics…