Penalty against Equifax Ltd
In 2017, records of a total of 146 million customers were stolen, including 15 million UK customers. Equifax Ltd is a credit reference agency and provides information about the creditworthiness of a debtor (similar to a Schufa report).
According to the British data protection authority, the data records were stored for too long and were poorly secured.
As the case occurred before the GDPR came into force, the penalty range of the Data Protection Act (DPA) was applied and the maximum penalty of £500,000 was imposed.
Entscheidungsdatum:
19.09.2018
Land:
Great Britain
Art des Verstoßes:
technical deficiency
Betroffene Datensätze:
15 000 000
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 575,000,-
Violation of GDPR Paragraph:
unknown
Quelle:
Communication from the UK data protection authority ICO (English)