We are aware of a cyber incident affecting the credit rating agency Equifax, and are working with partners to offer advice to those affected in the UK.
Equifax has confirmed that at least 400,000 UK citizens have been affected by the recent Equifax data breach. At this moment in time password related data does not appear to be involved in this breach.
Since the incident was first reported to us on Friday 8 September, we have been working with Equifax, as well as law enforcement partners in the USA and UK, in order to gain a precise understanding of the extent of the data leak. The main risk to UK citizens affected by this data breach is that they may be at risk of receiving targeted and realistic phishing messages.
Usually if you are a victim of a phishing message, your real name will not be used. However, in this case as fraudsters may have your name, you will need to be extra vigilant around any message that purports to be from an organisation you deal with, especially when there are attachments or links which lead to sites asking for more personal information.
Fraudsters may also call. If you do receive a phone call that is suspicious - for example by asking you for security information - do not divulge any information and hang up. You should then contact the organisation the caller claimed to be from – never using the details they provided during the call.
Members of the public can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040.
Here’s what you can do to make yourself safer:
- If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
- Be suspicious of any unsolicited calls, emails or texts, even if it appears to be from a company you know of. Don’t open the attachments or click on links within unsolicited emails, and never disclose any personal or financial details during a cold call.
- Check your bank accounts and report any suspicious activity to your bank.
- If you have been a victim of fraud or cyber crime, please report it to us on the Action Fraud website.
- Criminals often use information they have obtained during a data breach to commit fraud by contacting people by email and requesting them to provide personal information or click on malicious links.
- An email address can be spoofed. Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
- The sender’s name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution; particularly if the texts are asking you to click on a link or call a number.
- Don’t disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or to transfer your money to another “safe” account.
- We would also reiterate our general cyber security advice, which people can apply to their own personal data and computer devices:
- Use strong passwords by choosing three random words. Numbers and symbols can still be used if needed, however, using three random words is the key to creating a strong password.
- Always use a strong and separate password for your email and other important accounts.
- For more information, visit https://www.cyberaware.gov.uk/passwords