Just When You Thought It Was Over
The repercussions of cybersecurity breaches seem unending; they truly are the gift that keeps on giving. For those unfamiliar with the saga, the Equifax breach stemmed from a vulnerability in third-party software, making it one of the first large-scale cyberattacks of that kind.
Astonishingly, some C-suite executives gracefully exited with lavish retirement packages, while a cascade of lawsuits eventually reached a billion dollars by 2020. This entire fiasco? Rooted in a widely acknowledged Adobe software glitch that was inexpensive to rectify.
Fast-forward six years, and the UK branch of Equifax has been slapped with an £11,164,400 fine (roughly $13.6 million) for the 2017 debacle in which hackers infiltrated its systems and accessed the personal data of millions of people. The breach impacted around 13.8 million UK residents and a staggering 148 million U.S. citizens, making it one of the largest data breaches in history.
Investigations by the Financial Conduct Authority (FCA) revealed that Equifax Ltd., the UK entity, was vulnerable due to its reliance on servers managed by its U.S. counterpart, Equifax Inc. The compromised data encompassed names, dates of birth, partial credit card details, addresses, and more. Alarmingly, the UK division remained in the dark about the breach for six weeks after its discovery by Equifax Inc. They were only informed moments before the public announcement, leading to an overwhelming influx of complaints and communication delays with UK clients.
Now, six years later, the UK arm of Equifax was fined £11,164,400 (about $13.6 million) on Friday by a British regulator for allowing hackers to access the personal information of millions of people in 2017.
About 13.8 million UK consumers were affected in the incident, according to the Financial Conduct Authority, and it remains one of the largest data breaches of all time. About 148 million people in the U.S. had their data exposed in the attack.
Company officials told reporters that they had fully cooperated with the FCA’s investigation and invested $1.5 billion in cybersecurity improvements since the attack. Quite an investment in cybersecurity considering the security team in 2017 couldn’t get approval for a single headcount to take care of hygiene.
Equifax Inc. agreed in 2019 to pay at least $575 million to settle allegations about the incident brought by U.S. state and federal regulators. The U.S. government has accused four Chinese government hackers of carrying out the attack.
In 2018, Britain’s Information Commissioner’s Office separately fined Equifax Ltd £500,000 (then about $668,000) for violating data protection rules due to the 2017 incident.
And it is far from over yet. The moral? Patch.
Author
Steve King
Managing Director, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.