Penalty against Equifax Ltd
In 2017, records were stolen by a total of 146 million customers, including 15 million British customers. Equifax Ltd is a credit reference agency and provides information on the creditworthiness of a debtor (similar to a Schufa information). The data sets were stored too long according to British data protection authority and were insufficiently secured. Since the case occurred prior to the entry into force of the GDPR, the Data Protection Act (DPA) penalty was applied and the maximum penalty of £ 500,000 was imposed.
Decision data:
19.09.2018
Country:
United Kingdom
Type of Issue:
technical deficiency
Number of involved data records:
15 000 000
Special category of data involved:
No
Fine:
€ 575,000,-
Violation of GDPR Paragraph:
unknown
Reference: