British arm of Equifax fined over 2017 data breach

A British regulator hit the U.K. branch of Equifax with a fine of £500,000, or about $662,000, for failing to protect the personal information of people in the country during a cyberattack last year.

The fine from the Information Commissioner’s Office was levied against Equifax Ltd, the British arm of the American Equifax Inc., which experienced the massive data breach last year. It was the largest fine possible under a 1988 law, according to the regulator.

{mosads}The office said in a statement Thursday that up to 15 million British citizens may have had their personal information exposed in the breach.

The regulator found that the division was responsible for making sure that the U.S. company was properly protecting the personal information of British people.

Information commissioner Elizabeth Denham said in a statement that the massive fine was issued “because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”

Equifax first announced last September that it had experienced the data breach. The company faced intense scrutiny from lawmakers in the months afterward, with some executives testifying before Congress.

The credit bureau announced in March that an additional 2.4 million people were affected by the massive hack, bringing the total number of impacted individuals up to 147.9 million.