Britain’s financial regulator, the Financial Conduct Authority (FCA), has issued an £11 million ($13.4 million) fine to Equifax following the consumer credit rating agency’s role in one of the largest security breaches to date.

British finance regulator hits Equifax with a $13.4m fine following data breach

The penalty stems from a major data exposure suffered by the company’s parent firm, Equifax Inc., in the US. During the event, hackers gained access to the personal information of around 147.9 million US consumers.

The FCA revealed that hackers also compromised the details of 13.8 million UK data subjects whose information had been held on computer servers in the States. The stolen data included names, dates of birth, credit card information, addresses and other sensitive details.

risk london soeaker card

The UK’s Leading Risk Focused Expo

Complex regulatory requirements, emerging technologies, changing working practices, geopolitical uncertainty, ESG-related risks, high-interest rates – we are all facing a new and potentially challenging era. #RISK can help you navigate the complexities of the risk landscape.

#Risk London is here to empower you with the knowledge, insights, and connections you need to survive and thrive in a fast changing world of risk.

Don’t miss out on this opportunity to learn from the best and network with the brightest minds in risk.


The FCA emphasised that the cyberattack was wholly avoidable, highlighting how Equifax had outsourced critical data and failed to secure their systems adequately, unnecessarily increasing risk and vulnerability. 

Alarmingly, the UK arm of Equifax remained unaware of the breach for six weeks after its parent company’s discovery, indicating serious lapses in cybersecurity protocols.

In response, Equifax said they have invested over $1.5 billion in security enhancements since the cyberattack occurred six years ago. Despite their efforts, the FCA’s scrutiny resulted in a substantial fine which was subsequently reduced in light of cooperation with resolving the incident.

Know the risks

GDPR Reform, Online Safety, Light-Touch AI Regulation: Making Sense of the UK Legal Environment

Day 1: #RISK London, 18th October, 14:00 - 15:00
Data Protection & Privacy Theatre

The UK government’s direction on tech and data policy has left data protection professionals in a deeply uncertain and often confusing regulatory environment. 

It’s not just GDPR reform that could impact data protection – the Online Safety Bill, AI regulatory framework and Information Commissioner’s Office (ICO) guidance could all impact the day-to-day work of privacy professionals.

This session will help you make sense of the UK’s current legal landscape, with tech policy and data protection experts providing a comprehensive update of the various bills, frameworks and legal amendments likely to arise in the coming years.



Future-Proofing Your Privacy Program: Leveraging Cutting-Edge Technology for Long-Term Compliance

Day 1: #RISK London, 18th October, 15:00 - 15:45
Data Protection & Privacy Theatre


Leveraging regulatory compliance and technology to reduce risk

Day 2: #RISK London, 19th October, 12:00 - 12:30
GRC Theatre

The session will cover aspects of UK and EU regulations such as resilience and third-party risk.

We’ll look at how to leverage people, processes and technologies around the underlying elements outlined by regulations and IT risk challenges.

Risk London 2023