We are aware of a cyber incident affecting the credit rating agency Equifax, and are working with partners to understand any potential impact in the UK.
Since the incident was first reported to us on Friday 8 September, we have been working with Equifax, as well as law enforcement partners in the USA and UK, in order to gain a precise understanding of the extent of the data leak and whether any UK citizens may have been affected. We will post a more detailed update when we have more information to give.
Until then, anyone concerned that their data may be affected can contact Equifax by visiting the Equifax website for further information.
Here’s what you can do to make yourself safer:
- If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
- Be suspicious of any unsolicited calls, emails or texts, even if it appears to be from a company you know of. Don’t open the attachments or click on links within unsolicited emails, and never disclose any personal or financial details during a cold call.
- Check your bank accounts and report any suspicious activity to your bank.
- If you have been a victim of fraud or cyber crime, please report it to us on the Action Fraud website.
Criminals often use information they have obtained during a data breach to commit fraud by contacting people by email and requesting them to provide personal information or click on malicious links
- An email address can be spoofed. Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
- The sender’s name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution; particularly if the texts are asking you to click on a link or call a number.
- Don’t disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or to transfer your money to another “safe” account.
We would also reiterate our general cyber security advice, which people can apply to their own personal data and computer devices:
- Ensure you have strong passwords, being at least 10 characters long, using a mixture of upper and lower case characters, and including numbers and symbols.
- Use a different password for different websites you visit.