Data Privacy and Cybersecurity

UK Regulators Hit Equifax With A Fine That Isn't As Big As You'd Think

The $660,000 penalty is the maximum amount allowed under the previous data protection law.

UK regulators have hit credit reporting company Equifax with a fine related to its massive data breach in 2017, but the fine itself may seem small in comparison. 

The penalty, which is around $660,000 USD, is the largest amount allowed under the 1998 Data Protection Act. But it's much smaller than the fine that could have been handed out under the European Union's new General Data Protection Regulation.

That regulation imposes stricter rules on how companies can handle personal data, and fines under it can be up to four percent of a company's annual global revenue. That means Equifax could have faced a fine of over $130 million USD, but the investigation into the breach took place before the EU implemented the law.

According to the UK's Information Commissioner, as many as 15 million British citizens might've had their personal information breached in that incident, and the British arm of Equifax didn't do enough to protect those customers. 

Around 148 million Americans had their information exposed during the 2017 data breach.