I just checked the Equifax UK site and came across this text about the incident:-
Although Equifax’s UK business was not breached, the attack regrettably compromised the personal information of a range of UK customers. This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016.
Nice use it for the term "process failure" - suppose it sounds better than "management fuck up". Hey I know, let's blame the process rather than those that implemented it. Some may say criiminal negligence absolved in the same way as a bank robber claiming a process failure in their method of withdrawing money.