Security Vulnerability
September 19, 2017

Equifax Suffered a Hack 5 Months Before its Disclosed Date

A new report has revealed that Equifax learned about a major breach of its computers in March, nearly five months before it disclosed a massive breach earlier this month.

A Bloomberg report has claimed that Equifax suffered an earlier breach of its systems, well before the breach of customer data belonging to some 143 million consumers. The report adds that both breaches may have been caused by the same perpetrators. Equifax, for its part, claims the March hack is unrelated to the infamous breach that exposed the personal and financial data of nearly half the U.S. population. Nonetheless, the revelation that the 118-year-old credit reporting giant suffered two major incidents leaves the company reeling amid the departures of its security and information executives.

The Equifax breach disclosed earlier this month contained a database of information that could lead to widespread instances of fraud and identity theft.  

Equifax hired Mandiant, a security firm, for both breaches and may have initially believed it had the first breach under control. However, Equifax then brought the investigators back after detecting suspicious activity again in July. Equifax also sought Mandiant’s help with the security probe on August 2, and investigators eventually learned that hackers accessed the data sometime in mid-May.

The report also notes that Equifax notified a “small number of outsiders and banking customers” about its data breach in early March. Despite bringing in a security firm to conduct a forensic investigation of the breach, Equifax has yet to publicly disclose its March breach.

What is known, by Equifax’s own admission, is that hackers breached the company’s computer networks a second time after exploiting a vulnerability that was first known in March but only patched in July, after the second breach was discovered.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.