Equifax's data breach is the gift that keeps on giving. Not long after the company revealed that its hack affected 145.5 million people in the U.S. instead of the originally estimated 143 million, it said that 693,665 people were affected by the breach in the UK, too. But there's good news for everyone across the pond: Equifax said the compromised data is less critical than what was taken in the U.S.
U.S. consumers had their names, addresses, Social Security numbers, and other highly valuable information stolen. Brits, on the other hand, mostly have to worry about their email addresses, phone numbers, and login credentials. Some people also had partial credit card information or their driving license numbers revealed, but that still pales in comparison to the data many Americans now have to worry about safeguarding.
People in the UK will also be happy to hear that far fewer people were affected by the breach; 693,665 consumers is less than 1% of the number of Americans whose information was taken. (Canada still has it better, with a scant 8,000 people believed to have been affected by the attack.) Here's Equifax's breakdown of what information was taken, per its site devoted to the breach:
12,086 people have had the email address associated with their Equifax account in 2014 accessed. 14,961 people have had their Equifax membership details from 2014 accessed – this is likely to include username, password, secret questions and answers, and partial credit card details. There are also 29,188 consumers who had their name and driving license number accessed.
The rest - 637,430 - had their name and a phone number accessed.
It seems like this could have been far worse—Equifax said 15.2 million records were taken, but the files "contained duplicates and spurious fields as well as sizeable test datasets" with a sprinkling of legitimate customer data. The company figured out how many people were affected via "time-consuming and technically difficult analysis." It also found people's current home addresses so it could notify affected consumers via post.
If only the company had taken such care with its security practices instead of, say, allowing a staggering number of Americans to live with the fear of identity theft because it didn't patch a known vulnerability. Or allowing members of its social media team to direct people to a fake website that could've stolen even more information. But hey, at least we now know how many UK consumers were also affected by the breach.