Security Vulnerability
September 19, 2017 by

Equifax Suffered a Hack 5 Months Before its Disclosed Date

A new report has revealed that Equifax learned about a major breach of its computers in March, nearly five months before it disclosed a massive breach earlier this month.

A Bloomberg report has claimed that Equifax suffered an early breach of its systems, well before the breach of customer data belonging to some 143 million consumers. The report adds that both breaches may have been caused by the same perpetrators. Equifax, for its part, claims the March hack is unrelated to the infamous breach that exposed the personal and financial data of nearly half the U.S. population. Nonetheless, the revelation that the 118-year-old credit reporting giant suffered two major incidents leaves the company reeling amid the departures of its security and information executives.

The Equifax breach disclosed earlier this month exposed a database of information that could lead to widespread instances of fraud and identity theft.

Equifax hired Mandiant, a security firm, for both breaches and may have initially believed it had the first breach under control. However, Equifax then brought the investigators back after detecting suspicious activity again in July. Equifax also sought Mandiant’s help with the security probe on August 2, and investigators eventually learned that hackers accessed the data sometime in mid-May.

The report also notes that Equifax notified a “small number of outsiders and banking customers” about its data breach in early March. Despite bringing in a security firm to conduct a forensic investigation of the breach, Equifax has yet to publicly disclose its March breach.

What is known, by Equifax’s own admission, is that hackers breached the company’s computer networks a second time after exploiting a vulnerability that was first known in March but only patched in July, after the second breach was discovered.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
