16.9.17

How many people outside the U.S. are affected by the Equifax breach?


[ Update September 15, 2017: Equifax has released more detailed information pertaining to the stolen data from people in the UK. The names, dates of birth, email addresses and telephone numbers of up to 400,000 people in the UK may have been accessed.]
If you’ve been reading news about the recent Equifax breach, you may have noticed that many articles mention briefly that people in the United Kingdom and Canada are also affected. There has been little clarification as to how many people were affected, or what exactly was lost.
The current statement from Equifax is that there was “unauthorized access to limited personal information for certain U.K. and Canadian residents.” Due to this heavy emphasis on customers in the U.S., many of us have not really considered how much or how little this could mean to people in the UK and Canada.
Breach Maths
Certainly, in terms of total numbers and dramatic headlines, 143 million is a lot of victims. This means that 44 percent of all Americans could have been affected. If we assume that this breach primarily affects adults, it could be up to 60 percent of the population over the age of 18.
What we don’t currently know is how many people in the U.K. and Canada were affected. We know that Equifax has data on 820 million consumers worldwide and it operates in 24 countries. Of those 820 million, the company has information on 44 million people in the UK and 26 million in Canada.
If we assume again that this breach primarily affects adults, and if we assume that these numbers are the maximum number of possibly affected consumers in each country, this could mean that up to about 80 percent of adults in both countries may be affected.
While we do know that Equifax has found no evidence of unauthorized activity on their core consumer or commercial credit reporting databases, it’s entirely possible that this breach does not affect the total number of Equifax customers in either country. As much as anything, people are concerned about the lack of certainty.
Protect as if you’ve already been compromised
There is a popular saying in information security circles that says that everyone should protect their data as if they’ve already been compromised. While credit freezes were until recently considered a “drastic measure” – only for people who had already had identity theft-related fraud committed against them – they are now being widely recommended as a basic preventative measure for everyone. Equifax is now waiving fees for anyone wishing to set up this protection on their credit reports.
It seems wise, especially for people in the U.S., U.K. and Canada, to be extra vigilant until more specific information becomes available. Even if it turns out that few people in either country were affected, getting in the habit of double-checking what’s happening with your financial accounts and credit history is never a waste of time or effort.