Two senior figures at Equifax have stood down after the massive data breach which was reported last week.
The personal data of up to 143 million Americans, 400,000 Britons and a number of Canadians are believed to have been stolen by hackers between May and July.
Chief information officer David Webb left the US credit report giant, replaced by Mark Rohrwasser on a temporary basis.
The Atlanta-based firm said chief security officer Susan Mauldin has also been replaced on an interim basis by Russ Ayres.
The US Federal Trade Commission is investigating the breach, in which hackers potentially gained access to the social security numbers, birth dates, addresses and driving licence numbers for up to 143 million Americans. Credit card numbers for around 209,000 Americans were also potentially accessed while “certain dispute documents with personal identifying information” for 182,000 Americans were also exposed.
Equifax said in a statement on Friday that its UK systems had not been breached, although a file containing UK consumer information may potentially have been accessed.
It said: “This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016. The information was restricted to: Name, date of birth, email address and a telephone number and Equifax can confirm that the data does not include any residential address information, password information or financial data.
“Having concluded the initial assessment Equifax has established that it is likely to need to contact fewer than 400,000 UK consumers in order to offer them appropriate advice and a range of services to help safeguard and reassure them.
“Due to the nature of the information Equifax believes identity takeover is unlikely for the UK consumers who had their data potentially accessed in this incident.
“It is however important that Equifax does all that it can to provide reassurance and protection to these people and it will be proactively contacting impacted customers in writing to offer them a free comprehensive identity protection service which will allow them to monitor their personal data, including their credit information and be alerted to any potential signs of fraudulent activity.
“The service will also incorporate web and social media monitoring alerting the consumer to any publically available information about them. Equifax will also provide links to services provided by other UK regulated organisations which these consumers may prefer to take-up in addition to or instead of the free services provided by Equifax.”
Patricio Remon, president at Equifax, said: “We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes going forward.”
Equifax said it is in dialogue with the Financial Conduct Authority and Information Commissioner’s Office.
Its share price has fallen by more than a third since it revealed the breach on 7th September, Reuters reported.