Equifax data breach - any experiences/advice?

[Robert Poste's Child]

I got a letter from Equifax telling me that my data has been breached. Their so-called helpline (including the numbers listed on their website for complaints) put you, via a very bad line, to a call centre in Manilla (not the most reassuring tactic they could have chosen - presumably the irony is lost on them).

If you don't feel comfortable with the above, the only option appears to be to escalate a oomplaint in writing - SLA apparently two months; again, not very reassuring.

The questions I want to ask are:

1. Given the breach happened in May 2017, why has it taken 6-7 months to inform me?

2. Are they protecting my information more effectively now? How?

3. The letter says the breach 'included' my name, DOB and phone number. What does 'included' mean in this context - is it limited to these items only or might other data (banks, credit cards, address history, partner/child status, driving licence, occupation/employers, electoral roll...) have been compromised?

4. The letters offers ways to check on fraudulent activity, but as far as I can see only from here on. How do I check for activity between May and now? Have/can they check(ed) my record for signs of any fraudulent activity rather than making it my responsibility?

I'm angry that this is a form of data use we have no control over - we can't opt out, and, as anyone who's ever tried it knows, identifying incorrect information in your record and getting it changed is very difficult as they act like it's their information rather than yours.

I called the Financial Ombudsman and was advised that as it relates to data they can't do anything. Apparently the province of the ICO, whatever that is.

Does anyone have any personal experiences or advice to offer?

Thanks.

[adonirum]

RPC, the ICO refers to the Information Commissioner's Office.

This is the "Ombudsman" service to whom to complain to regarding non-compliance with Subject Access Requests (personal data), F.O.I Requests and the like. Unfortunately, unlike for example the energy service, they are not able to make financial awards or seriously admonish an institution for breaches, or at least that is my understanding unless anyone knows differently.

[Robert Poste's Child]

All seems to be a whitewash.

[JohnL]

Some info here

https://www.moneysavingexpert.com/news/protect/2017/11/got-an-equifax-letter-saying-you-were-hacked-the-helplines-struggling---heres-what-to-do

and from the comments there

https://www.hayesconnor.co.uk/data-protection-compensation/

ICO = The Information Commissioner?s Office

[Robert Poste's Child]

Thanks; yes, I'd looked at those - MSE always useful for financial misbehaviour.

The most interesting thing I learned is not that nearly 700,000 people's mobile numbers were leaked, rather a lot more than the 400,000 they said originally: it's that there were a further estimated 14.5 million people - that's nearly a quarter of the UK adult population - whose names and dates of birth were leaked but Equifax has deemed this 'not a significant risk' and has no plans to inform them.

[5imon]

I received the same letter, RPC.

I've contacted the ICO to establish what options I have.

[Robert Poste's Child]

If you find out anything please do pass it on, Simon.

Having investigated further it seems for me it's fairly low-risk, mainly junk phone calls and texts, but I've raised a complaint with them as that seems the only alternative way to get clarification.