Equifax Inc.’s political troubles expanded, as a top U.K. Parliament lawmaker demanded information from the company and its British regulator about the hack that exposed sensitive data for nearly 700,000 U.K. consumers.
Nicky Morgan, chair of the Parliament’s Treasury Committee, asked the chief executive of the company’s U.K. unit in a letter on Wednesday for details about the scale of the breach, how much credit information was compromised and about the firm’s plans to compensate individuals. Morgan also questioned when the company first became aware of the breach and said the committee would consider holding a public hearing if it doesn’t receive adequate answers.
“Equifax has taken too long to notify those affected by its widespread cyber-security breach,” Morgan said in an emailed statement. “People have been left in the dark for too long, which has increased the risk that they fall victim to identity theft and fraud.”
In a separate letter to Andrew Bailey, chief executive of the U.K. Financial Conduct Authority, Morgan asked about the regulator’s options for enforcement actions given that the firm’s parent company is based in Atlanta. She asked whether rules had been broken in the “process failure” that transferred U.K. data to the U.S. and if such transfers compromised the FCA’s ability to protect consumers.
Morgan questioned whether the FCA or the Information Commissioner’s Office was the most appropriate body to carry out an investigation and asked for an account of the way responsibilities are divided between the two authorities.
The FCA received the letter and will respond, according to a spokesman for the regulator. Spokespeople for Equifax in the U.K. and the U.S. didn’t immediately respond to requests for comment.
Equifax said in a statement on Oct. 10 that it would need to contact 693,665 U.K. consumers about the breach, and another 14.5 million records were “potentially compromise.” Phone numbers, license numbers and partial credit card details were among those breached, according to the statement.