The City watchdog has launched an investigation into a cyberattack on credit reporting company Equifax that resulted in millions of UK records being stolen.
A huge breach in May this year affecting the US-based company saw personal information relating to more than 145 million people compromised.
Equifax said earlier this month that a file containing 15.2 million UK records dating from 2011 to 2016 was stolen during the hack and that it is to write to 700,000 people who were significantly affected.
The Financial Conduct Authority (FCA) said on Tuesday that it was “investigating the circumstances surrounding a cybersecurity incident that led to the loss of UK customer data held by Equifax Ltd on the server of its US parent”.
Equifax has said that 14.5 million UK customers may have had their names and dates of birth compromised but did not face “any significant risk”.
But a further 12,000 had Equifax-associated email addresses breached and nearly 15,000 with Equifax memberships had portions of their usernames, passwords, secret questions and answers and partial credit card details accessed.
A remaining 667,000 – who were not direct customers of Equifax but whose details it may have stored by the company as part of the credit-checking process – had driving licence and phone numbers accessed.
Credit bureaux such as Equifax collect information which is relied on by lenders to help them to decide whether to approve financing for homes, cars and credit cards.
The Atlanta-based company discovered the hack in July and informed consumers in September.
Equifax said it was “already working closely with the FCA and other authorities”.
It added: “We welcome this opportunity to learn the lessons from this criminal cyber attack in order for all businesses to better protect consumers in the future.”
Nicky Morgan, chair of the Commons Treasury Select Committee, said: “Hundreds of thousands of people in the UK have been affected by the Equifax data breach.
“The FCA is right to investigate the circumstances surrounding it.”