Personal information of around 400,000 people in the UK might have been stolen during the cubersecurity breach at Equifax.
Data includes names, dates of birth, email addresses and telephone numbers but not postal addresses, passwords or financial information.
The hack was discovered by Equifax back in July but it only started contacting those affected earlier in September.
People are being contacted in writing with the offer of free advice and a free identity protection service which monitors their personal information and data.
Equifax said that it was unlikely that people would fall victim to an “identity takeover”.
The firm’s president, Patricio Remon, added: “We apologise for this failure to protect UK consumer data.
"Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes.”
What has happened?
Equifax said that its UK systems hadn’t been impacted by the attack by information on those affected here may have been because of a process failure in 2016, which meant that some UK data was stored on the US system between 2011 and 2016.
The credit monitoring firm said the investigation into the data breach is ongoing and it’s working with the Financial Conduct Authority and the Information Commissioner’s Office to get to the bottom of it.
Sneakily, the firm waited until late Friday afternoon to announce that UK customers had been affected – leading many to accuse it of trying to bury bad news.
I think I might have been affected – what can I do?
Equifax will be writing to those at risk so keep an eye on the post in the coming days.
If you’re worried you might have fallen victim to fraud, contact your bank as soon as you can and report it to Action Fraud.