Credit bureau Equifax hit with maximum possible fine under U.K. law for ‘multiple failures’ that contributed to massive 2017 data breach. The company failed to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security. It also failed to obtain users’ consent for doing so, telling the ICO this would have created a security risk. The breach occurred in 2017 – from May 13 to July 30 – it did not fall under the EU’s General Data Protection Regulation, which went into effect on May 25.”]
Source: https://www.cuinfosecurity.com/equifax-hit-maximum-uk-privacy-fine-after-mega-breach-a-11532