Update October 10, 2017: Equifax has updated their information pertaining to the stolen data from people in the UK and Canada. A file containing 15.2 million records dating from between 2011 and 2016 containing username, password, secret questions and answers, and partial credit card details from 693,665 people in the UK was also included in the attack. Equifax has also revised the total number of people in Canada affected by the breach down from 100,000 to 8,000.
Update October 02, 2017: Equifax has released more detailed information pertaining to the stolen data from people in Canada. The names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers of up to 100,000 people in Canada may have been exposed.
Update September 15, 2017: Equifax has released more detailed information pertaining to the stolen data from people in the UK. The names, dates of birth, email addresses and telephone numbers of up to 400,000 people in the UK may have been accessed.
If you’ve been reading news about the recent Equifax breach, you may have noticed that many articles mention briefly that people in the United Kingdom and Canada are also affected. There has been little clarification as to how many people were affected, or what exactly was lost.
The current statement from Equifax is that there was "unauthorized access to limited personal information for certain UK and Canadian residents." Due to this heavy emphasis on customers in the US, many of us have not really considered how much or how little this could mean to people in the UK and Canada.
Breach Maths
Certainly, in terms of total numbers and dramatic headlines, 143 million is a lot of victims. This means that 44 percent of all Americans could have been affected. If we assume that this breach primarily affects adults, it could be up to 60 percent of the population over the age of 18.
What we don’t currently know is how many people in the UK and Canada were affected. We know that Equifax has data on 820 million consumers worldwide and it operates in 24 countries. Of those 820 million, the company has information on 44 million people in the UK and 26 million in Canada.
If we assume again that this breach primarily affects adults, and if we assume that these numbers are the maximum number of possibly affected consumers in each country, this could mean that up to about 80 percent of adults in both countries may be affected.
While we do know that Equifax has found no evidence of unauthorized activity on their core consumer or commercial credit reporting databases, it’s entirely possible that this breach does not affect the total number of Equifax customers in either country. As much as anything, people are concerned about the lack of certainty.
Protect as if you’ve already been compromised
There is a popular saying in information security circles that says that everyone should protect their data as if they’ve already been compromised. While credit freezes were until recently considered a “drastic measure” – only for people who had already had identity theft-related fraud committed against them – they are now being widely recommended as a basic preventative measure for everyone. Equifax is now waiving fees for anyone wishing to set up this protection on their credit reports.
It seems wise, especially for people in the US, UK and Canada, to be extra vigilant until more specific information becomes available. Even if it turns out that few people in either country were affected, getting in the habit of double-checking what’s happening with your financial accounts and credit history is never a waste of time or effort.