National Cyber Security Centre
NCSC advice for Equifax customers
Advice for Equifax customers affected by the recent cyber incident.
Equifax yesterday confirmed that a file containing 15.2m UK records dating from between 2011 and 2016 was attacked in the cyber incident that took place in May 2017.
If you have been told by Equifax that security details from your Equifax.co.uk membership account – such as password and secret questions - have been accessed, you should ensure those details are not used on any other accounts. NCSC advises that passwords are managed carefully across online services and more information can be found on the NCSC website.
Another risk to UK citizens affected by this data breach is that they could be on the receiving end of more targeted and realistic phishing messages. Fraudsters can use the data to make their phishing messages look much more credible, including using real names and statements such as:
'To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number'.
These phishing messages may be unrelated to Equifax and may use more well-known brands. It is unlikely that any organisations will ask their customers to reset security information or passwords as a result of the Equifax breach, but this may be a tactic employed by criminals. The NCSC guidance on protecting yourself from phishing still applies.
Usually, if you are the target of a phishing message, your real name will not be used. However, in this case, if fraudsters have your name, people will need to be extra vigilant around any message that purports to be from an organisation they deal with - especially when there are attachments or links which take people to sites asking for more personal information.
Fraudsters may also call. If you do receive a phone call that is suspicious - for example by asking you for security information - do not divulge any information, and hang up. You should then contact the organisation the caller claimed to be from – never using the details they provided during the call.
The NCSC, with Equifax and partners including the NCA, ICO and FCA, continues to examine this incident and should further information come to light about the extent and nature of the impact on the UK, we will provide further updates and advice as soon as we can.
Members of the public can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.
Latest News from
National Cyber Security Centre
Russian military ‘almost certainly’ responsible for destructive 2017 cyber attack16/02/2018 09:15:00
An assessment by the National Cyber Security Centre has found that the Russian military was almost certainly responsible for the ‘NotPetya’ cyber attack of June 2017.
Foreign Office Minister condemns Russia for NotPetya attacks15/02/2018 16:22:00
UK judges that the Russian government was responsible for the NotPetya cyber-attack of June 2017.
Finalists announced for contest to crown UK's most cyber savvy girls15/02/2018 09:15:00
The top ten teams from the CyberFirst Girls' online stage have been announced.
NCSC's London HQ reaches another milestone14/02/2018 13:20:00
The National Cyber Security Centre (NCSC) officially moved into Nova South a year ago today after the building was opened by Her Majesty The Queen.