Equifax Suffered a Hack 5 Months Before its Disclosed Date

Security Vulnerability

A new report has revealed that Equifax has learned about a major breach of its computers in March, nearly five months before it disclosed a massive breach earlier this month.

A Bloomberg report has claimed that Equifax suffered an early breach of its systems, well before the breach of customer data belonging to some 143 million consumers. The report adds that both breaches may have been caused by the same perpetrators. Equifax, for its part, claims the March hack is unrelated to the infamous breach that exposed the personal and financial data of nearly half the U.S population. Nonetheless, the revelation that the 118-year-old credit reporting giant suffered two major incidents leaves the company reeling amid the departures of the company’s security and information executives.

The Equifax breach disclosed earlier this month contained a database of information that could lead to widespread instances of fraud and identity theft.  

Equifax hired Mandiant, a security firm, for both breaches and may have initially believed it had the first breach under control. However, Equifax then bought the investigators back after detecting suspicious activity again in July. Equifax also sought Mandiant’s help with the security probe on August 2 and eventually investigators learned that hackers accessed the data sometime in mid-May.

The report also notes that Equifax notified a “small number of outsiders and banking customers” about its data breach in early march. Despite bringing in a security farm to conduct a forensic investigation of the breach, Equifax is yet to publicly disclose its March breach.

What is known, by Equifax’s own admission, is that hackers breached the company’s computer networks a second time after exploiting a vulnerability that was first known in March but only patched in July, after the second breach was discovered.

Image credit: Pixabay.