Equifax says almost 400,000 Britons hit in data breach Published duration 15 September 2017

image copyright Reuters image caption The massive data breach is being investigated by US and UK data watchdogs

Data about British people "may potentially have been accessed" during the data breach at the US credit rating firm Equifax.

The UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers was accessed in the breach.

Last week, Equifax revealed details of the hack and said data on more than 143 million Americans was taken.

The US Federal Trade Commission is investigating how the data was stolen.

Information released when details of the breach were disclosed suggest that hackers got at Equifax's internal systems between mid-May and the end of July this year when the company discovered it had been penetrated.

Data on social security numbers, birth dates and addresses, was taken during the incident.

Equifax is now facing dozens of legal claims over the incident.

Protecting data

In a statement, the UK office of Equifax said an internal investigation had shown that data on UK consumers was accessed during the hack.

It said data on Britons was being held in the US due to a "process failure" which meant that a limited amount of information was stored in North America between 2011 and 2016.

The information held included names, dates of birth, email addresses and telephone numbers. No addresses, passwords or financial data was involved.

Equifax said that because the data on UK citizens was limited it was "unlikely" that those affected would suffer identity theft.

It said it would contact those affected and offer them free ID protection services that would alert them to any attempt to carry out fraud with their details.

"We apologise for this failure to protect UK consumer data," said Patricio Remon, president at Equifax's UK office, in the statement.

"Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward," he added.

It said it was co-operating with the Financial Conduct Authority and the Information Commissioner's Office on their investigations.