Two senior staff at Equifax to retire following data breach

Updated: 

The chief information officer and chief security officer of Equifax are retiring, the firm has announced.

It comes after the US credit monitoring company said that about 400,000 people in the UK may have had their information stolen following a cyber security breach.

An investigation found that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information.

The attack saw the data of 143 million people breached in America.

In a statement issued on Friday, a spokesman for Equifax said: "As part of the company's ongoing review of the cyber security incident... Equifax Inc today made personnel changes.

"The chief information officer and chief security officer are retiring. Mark Rohrwasser has been appointed interim chief information officer... Russ Ayres has been appointed interim chief security officer.

"The personnel changes are effective immediately."

The spokesman added: "Equifax's internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation."

Atlanta-based Equifax discovered the hack in July, but only informed consumers last week.

In an effort to provide reassurance, the firm said it was unlikely that people would be hit by "identity takeover".

It said it would contact them in writing to offer advice and a free identity protection service monitoring their personal information and data.

Equifax UK president Patricio Remon said: "We apologise for this failure to protect UK consumer data.

"Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward."

Equifax alerted the public to the cyber attack on September 7.

Equifax said its UK systems had not been impacted by the attack, but the information of British consumers may have been accessed because of a process failure in 2016 which saw a "limited amount" of UK data stored on the American system between 2011 and 2016.

It added that the UK consumer data that may have been stolen does not include "any single Equifax business clients or institution".

It comes after Equifax was ordered by the Information Commissioner's Office (ICO) to alert British customers after the firm said "criminals" had exploited a website application to access its files.

Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.

A spokesman for the ICO said: "It is always a company's responsibility to identify UK victims and take steps to reduce any harm to consumers.

"The Information Commissioner's Office have been pressing the firm to establish the scale of any impact on UK citizens and have also been engaging with relevant US and UK agencies about the nature of the data breach.

"It can take some time to understand the true impact of incidents like this, and we continue to investigate.

"Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with.

"We also advise that people review their financial statements regularly for any unfamiliar activity.

"If any financial details appear to have been compromised, victims should immediately notify their bank or card company. If anyone thinks they may have been a victim of a cyber crime, they should contact Action Fraud."

Cyber attacks have become an increasing problem for big firms that hold a large amount of customer data.

HSBC and TalkTalk are among the most high-profile British firms to be hit in recent years.