"People have been left in the dark for too long, which has increased the risk that they fall victim to identity theft and fraud."
Nicky Morgan, Chair of the Treasury Committee, has written to the FCA's Chief Executive Andrew Bailey, asking for his views on a data breach at Equifax.
Last month, UK residents were affected by a cyber-security breach at Equifax, in which the personal information of up to 400,000 UK customers was potentially accessed.
US parent company Equifax Inc. announced that a file containing UK consumer information "may potentially have been accessed" due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.
Morgan has asked for Bailey's assessment of Equifax’s response to the incident, and whether the FCA is considering further action.
She said: "I understand that Equifax Limited is authorised by the FCA as a credit reference agency and a credit broker, and that as such, it must comply with the FCA's principles for businsesses."
Morgan has asked Bailey to reveal when Equifax first notified the FCA of the breach, whether the FCA is satisfied that Equifax has identified all UK individuals affected and in a suitable timescale, and whether it believes "principles, rules or threshold conditions for authorisation may potentially have been breached".
She also asked whether there were implications for enforcement options or a consumer redress scheme to compensate affected individuals.
Morgan commented: “Equifax has taken too long to notify those affected by its widespread cyber-security breach. People have been left in the dark for too long, which has increased the risk that they fall victim to identity theft and fraud.
“It is particularly concerning that the breach occurred in a business that sells identity protection services, and is looking to take advantage of the commercial opportunities afforded by data sharing initiatives, such as Open Banking.
“Mr Remon has said that the immediate focus of Equifax is to ‘support those affected by this incident’. The Treasury Committee will hold him to these words, and will consider taking public evidence from Equifax, particularly if it does not receive a full and timely response to these questions.”