London Daily

Focus on the big picture.
Wednesday, May 13, 2026
LondOn!

On the inside of a hacking catastrophe

In early September 2017 David Rimmer was on the final day of a corporate get-together in the US, organised by Equifax, the giant financial firm he worked for.

It is one of the world's biggest credit score agencies, and Mr Rimmer was the chief information security officer (CISO) for Europe.

At the conference centre, he and a handful of other staff were called aside by the global chief security officer. "[He] told us 'there's something I need to tell you and you're going to need to be here indefinitely for the next couple of weeks'," Mr Rimmer explains.

"In that meeting, where external counsel [lawyers] were also present, some of us were told 'if you tell anyone else about this, you'll be fired on the spot and walked off-site'."

It was then that the significance of the breach and the consequences for him and the IT security team began to sink in.

"The impact of knowing something like that, the scale of what happened and not being able to talk to anyone about it is huge."

Immediately after the breach was discovered, only around 50 people from the 11,000 person company knew about it - just senior members of the information security team, some senior executives and people involved in the incident response process.

Cyber-criminals had accessed customer data such as social security numbers, birth dates and credit card details.

Ultimately the breach affected at least 147 million people in the US, as well as 14 million UK citizens and 100,000 Canadians.

The small team held discussions in a war room in Atlanta where they worked alongside outside experts to investigate the incident and put extra controls in place.

This added pressure to the 50-person team to resolve issues, while also isolating the group from the rest of the business.

"I'm sure everyone in the team felt responsible for what had happened, even though this was actually the result of years of corporate decision making on budgets and priorities. There was one member of our team who had worked for Equifax for 40 years, so the personal impact was staggering - there were many people sat at their desks on the verge of tears," Mr Rimmer says.

One week after Mr Rimmer and his team found out about the breach, Equifax published a press release detailing a "website application vulnerability" that malicious hackers had exploited.

"For the first week there was nobody standing up for the security team, clarifying that this is a corporate responsibility and it's not down to individual security professionals," he says.

The details becoming public had a further demoralising effect on staff, who were criticised on social media and in the press by their peers and others within the industry.

"The CISO was attacked for having a music degree even though this was 30 years ago when cyber-security wasn't a known concept. A middle manager on the security team was served with lawsuit papers directly, not via Equifax, while another employee had death threats on social media because he was identified as working for Equifax, so there was a disproportionate personal impact to some of those people who were singled out," says Mr Rimmer.

But that was not all. Chief executive Richard Smith, chief information officer David Webb and chief security officer Susan Mauldin all stepped down from their roles, causing further disruption.

Russ Ayers took over from Ms Mauldin in an interim role, but while Mr Rimmer praised Mr Ayers for his leadership qualities, he said that the fact that Mr Ayers had to go to Congress to testify in front of the US government meant that he couldn't provide the complete support that the security team required at that time.

"It was a really tough, isolating time with very little physical leadership, a lot of people feeling personally responsible and a lot of people feeling the pressure and not able to talk to anyone about how they were feeling."

While he understands why organisations would want to keep an issue like this between a small team of employees, he believes more needs to be done by employers to take into account the mental health of staff.

"There needs to be a big enough group who can talk to each other about the pressure they're under rather than a few people carrying the weight of the world for everyone. Companies need to recognise when they do planning exercises for security breach responses that they have a duty of care to security employees. Bringing in third parties or throwing money at the problem doesn't help - it exacerbates the problem by increasing the workload on the same staff," he says.

The majority of the 11,000 staff first heard about the incident through the news or after being told by a client or family member. Mr Rimmer believes employers also have a duty of care to employees within the wider business.

"Even if their roles had nothing to do with the incident, they would have felt distanced and almost tainted by association with Equifax but they had to get on with their jobs as usual," he says.

This would also have had a detrimental effect on the employee's effectiveness, as they would have to catch up on what the data breach meant for their part of the business.

"It wasn't just about security; IT was doing remediation, the legal team had to deal with customers, sales people had to manage relationships and restore trust, and almost every single part of the business stood still. Although the company will focus on restoring sales and brand perception, they also need to focus on morale and the health of staff across the entire business," he says.

Equifax agreed to pay up to $700m (£561m) in relation to the breach as part of a settlement with US regulator the Federal Trade Commission. It was also fined £500,000 by the UK's Information Commissioner's Office.

An Equifax spokesperson says: "We have made significant progress since the incident to enhance our security and technology operations. We have hired highly qualified Chief Technology and Chief Information Security Officers reporting directly to the CEO, as well as nearly 1,000 full-time IT and security professionals.

"In addition, we have increased our technology and security spending by an incremental $1.25 billion between 2018 and 2020, and we will continue to invest heavily to transform our technology and security to industry-leading capabilities."

However, Mr Rimmer believes that companies should not only focus on the financial consequences of breaches, and instead consider the human impact.

"Equifax spent millions responding to the breach, but that turned into people from the security team working overtime, on 36 hour shifts, and that's the hidden cost of the breach that no one has gotten near to quantifying so far," he says.

According to Simon Ashton, a business psychologist working at Phoenix Leaders, employers should provide adequate training to ensure that their staff feel confident in their skills and abilities to deal with the scenario by using role-playing data breach simulations.

"Once the situation is under control, employers should provide appropriate support so staff are able to discuss how they felt in that situation, what they learnt and what they might do differently next time. This reflection time is important, so staff have the opportunity to understand how they might behave differently in future events," he says.

Add Comment
Newsletter
Related Articles

UK Safeguarding Minister Resigns as Pressure Mounts on Starmer’s Government Over Internal Stability

The departure intensifies scrutiny of Keir Starmer’s leadership amid widening political strain inside the Labour government and growing questions over cabinet cohesion.

Rigetti’s UK Quantum Expansion Signals a High-Stakes Bet on Early Commercial Quantum Computing

The US quantum computing company’s push into the UK highlights rising global competition for quantum infrastructure, public funding alignment, and investor exposure to a still-p...

UK Markets Reprice Political Risk as Bond Yields Surge on Leadership Uncertainty and Global Tensions

Long-dated UK borrowing costs hit multi-decade highs as investors react to political instability at home and rising geopolitical pressure abroad, shaking sterling and equity sen...

UK Mid-Cap Stocks Fall as Political Risk and Middle East Tensions Hit Sentiment

Investors pull back from domestically focused UK equities as uncertainty in government policy and rising geopolitical risk combine to weaken market confidence.

UK Long-Term Borrowing Costs Hit Highest Levels in Decades Amid Political Strain

Thirty-year gilt yields surge to levels last seen in the late 1990s as markets reassess fiscal stability and political risk in the UK economy.

UK Deploys Jets, Warship and Drones to Protect Strait of Hormuz Shipping Route

London joins a multinational maritime security mission as tensions in the Gulf threaten global energy flows through one of the world’s most critical waterways.

JPMorgan Threatens to Scrap London HQ Plan Over Rising UK Bank Taxes

Jamie Dimon warns that higher banking levies could derail a major London headquarters project, raising fresh concerns about UK competitiveness in global finance.

Youth Mobility Dispute Stalls UK-EU Reset as Post-Brexit Frictions Persist

Talks on rebuilding UK-EU relations are being constrained by disagreements over youth mobility rules, exposing deeper tensions over labour, migration, and market access after Br...

UK Borrowing Costs Rise Sharply as Political Uncertainty Weighs on Markets

Gilt yields climb and sterling weakens as investors reassess fiscal stability amid questions over leadership continuity and policy direction.

UK Bond Market Hits Multi-Decade Highs as Political Crisis Engulfs Starmer Government

Long-term borrowing costs surged to levels last seen in 1998 while sterling fell sharply, as investors reacted to leadership instability and fears over UK fiscal direction.

Local Elections Expose Pressure on Starmer as UK Political Landscape Shifts

Recent British electoral results highlight volatility in voter support, testing Labour’s authority and reshaping the contest ahead of a general election cycle.
Playlist Hide
0:00
0:00
Open
0:00
0:00
Close
The Great Western Exit: Why Best Citizens Are Fleeing the Rich World [PODCAST]
The New Robber Barons of Intelligence: Are AI Bosses More Powerful Than Rockefeller?
The End of the Old Order [Podcast]
Britain’s Democracy Is Now a Costume
The AI Gold Rush Is Coming for America’s Last Open Spaces [Podcast]
The Pentagon’s AI Squeeze: Eight Tech Giants Get In, Anthropic Gets Shut Out [Podcast]
The War Map: Professor Jiang’s Dark Theory of Iran, Trump, China, Russia, Israel, and the Coming Global Shock [Podcast]
Labour Is No Longer a National Party [Podcast]
AI Isn’t Stealing Your Job. It’s Dismantling It Piece by Piece.
Lawyers vs Engineers: Why China Builds While America Litigates [Podcast]
Churchill’s Glass: The Drunk, the Doctor, and the Myth Britain Refuses to Sober Up From
Apple issues an unusual warning: this is how your iPhone can be hacked without you doing anything
Kennedy’s Quiet War on Antidepressants Sparks Alarm Across America’s Medical Establishment
The Met Gala Meets the Age of Billionaire Backlash
Russian Oligarch’s Superyacht Crosses Hormuz via Iran-Controlled Route
Gunfire Disrupts White House Correspondents’ Dinner as Trump Is Evacuated
A Leak, a King, and a Fracturing Alliance
Inside the Gates Foundation Turmoil: Layoffs, Scrutiny, and the Cost of Reputational Risk
UK Biobank Breach Exposes Health Data of 500,000, Listed for Sale on Chinese Platform
KPMG Cuts Around 10% of US Audit Partners After Failed Exit Push
French Police Probe Suspected Weather-Data Tampering After Unusual Polymarket Bets on Paris Temperatures
CATL Unveils Revolutionary EV Battery Tech: 1000 km Range and 7-Minute Charging Ahead of Beijing Auto Show
Crypto Scammers Capitalize on Maritime Chaos Near the Strait of Hormuz: A Rising Threat to Shipping Companies
Changi Airport: How Singapore Engineered the World’s Most Efficient Travel Experience
Power Dynamics: Apple’s Leadership Shakeup, Geopolitical Risks in the Strait of Hormuz, and Europe's Energy Strategy Amidst Global Challenges
Apple's Leadership Transition: Can New CEO John Ternus Navigate AI Challenges and Geopolitical Pressures?
Italy’s €100K Tax Gambit: Europe’s Soft Power Tax Haven
News Roundup
Microsoft lost 2.5 millions users (French government) to Linux
Privacy Problems in Microsoft Windows OS
News roundup
Péter András Magyar and the Strategic Reset of Hungary
Hungary After the Landslide — A Strategic Reset in Europe
Meghan Markle Plans Exclusive Women-Focused Retreat During Australia Visit
Starmer and Trump Hold Strategic Talks on Securing Strait of Hormuz Amid Rising Tensions
Unofficial Australia Visit by Prince Harry and Meghan Expected to Stir Tensions with Royal Circles
Pipeline Attack Cuts Significant Share of Saudi Arabia’s Oil Export Capacity
UK Stocks Rise on Ceasefire Momentum and Renewed Focus on Diplomacy
UK to Hold Further Strategic Talks on Strait of Hormuz Security
Starmer Voices Frustration as Global Tensions Drive Up UK Energy Costs
UK Students Voice Concern Over Proposal for Automatic Military Draft Registration
Rising Volatility Drives Uncertainty in UK Fuel and Petrol Prices
UK Moves to Deploy ‘Skyhammer’ Anti-Drone System to Strengthen Airspace Defense
New Analysis Explores UK Budget Mechanics in ‘Behind the Blue’ Feature
Man Arrested After Four Die in Channel Crossing Tragedy
UK Tightens Immigration Framework with New Sponsor Rules and Fee Increases
UK Foreign Secretary Highlights Impact of Intensified Strikes in Lebanon
UK Urges Inclusion of Lebanon in US-Iran Ceasefire Framework
UK Stocks Ease as Ceasefire Doubts in Middle East Weigh on Investor Confidence
UK Reassesses Cloud Strategy Amid Criticism Over Limited Support Measures
×