Equifax is being hit with a £500,000 fine over its massive 2017 data breach that affected 146 million people globally, the UK's Information Commissioner's Office (ICO) announced Wednesday.
Why it matters: The fine is very small compared to what Equifax would've received had the breach happened just one year later, when the U.K. implemented GDPR, the sweeping data privacy law that would've penalized Equifax up to 4% of its global annual revenue.
The U.K.'s privacy office says it's fining Equifax for failing to protect the personal information of up to 15 million UK citizens during the 2017 attack. It says the loss of personal information is particularly problematic because it undermines consumer trust in digital commerce.
"Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”— Elizabeth Denham, Information Commissioner in a statement
The big picture: Equifax has dodged a lot of scrutiny and penalties despite experiencing one of the most pervasive data breaches of personal information to date. As Axios' Joe Uchill notes, the breach has barely changed lawmakers' thinking on Capitol Hill.