Equifax hit with data breach five months before disclosing it
20 Sep 2017
Equifax had come to know about a major breach of its computer systems in March almost five months before the date it publicly disclosed, Bloomberg reported citing three people familiar with the situation.
According to a statement by the company, the March breach was not related to the hack that exposed the personal and financial data on 143 million US consumers, but, according to one of the people, the breaches involve the same intruders. According to commentators, the revelation that the 118-year-old credit-reporting agency was hit with two major incidents in the span of a few months adds to a mounting crisis at the company, which is under multiple investigations and announced the retirement of two of its top security executives on Friday.
According to commentators, the company, which hired security firm Mandiant on both occasions, might have believed that it had been able to contain the initial breach, only to have to approach the investigators again when it detected suspicious activity again on 29 July, according to two of the people.
According to Bloomberg's Michael Riley, Equifax was not transparent about the timing of the breach.
Meanwhile, Bloomberg said in a separate report that the US justice department has opened a criminal investigation into whether top officials at Equifax Inc violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation. (See: Three Equifax senior executives sold stock before revelation of breach, report)
US prosecutors in Atlanta, who the people said are investigating the share sales, said in a statement they are examining the breach and theft of people's personal information in conjunction with the Federal Bureau of Investigation. Another person familiar with the matter said, the Securities and Exchange Commission is working with prosecutors on the investigation into stock sales.
According to commentators, the federal probes pose a challenge to Equifax as lawmakers, state attorneys general and regulators scrutinise the breach that may have compromised the privacy of 143 million US consumers.
