Equifax suffered hack months earlier than the date it disclosed

Equifax suffered hack months earlier than the date it disclosed
© Getty Images

Credit reporting firm Equifax reportedly knew about a major hack of its computer systems in March, nearly five months before it disclosed to the public.

The company denied in a statement to The Hill that the March breach was tied to the hack in which the personal and financial information of as many as 143 million U.S. consumers was exposed earlier this month.

A source told Bloomberg, who first reported on the earlier hack, that same hackers are behind both breaches.  

The second hack, which has dominated headlines and crashed Equifax's stock since it was announced earlier this month, exposed Social Security numbers, birth dates and other personal information.

Thousands of consumers also had financial data like credit card numbers and dispute documents accessed.

ADVERTISEMENT
Equifax said in a statement earlier this month that hackers “exploited a U.S. website application vulnerability” to gain unauthorized access to the files between mid-May and July. Many critics, including lawmakers on Capitol Hill, have questioned the company’s security practices, which they believe were insufficient given the sensitive consumer data the company deals with.

News of the earlier breach is the latest blow to the embattled credit reporting company, whose reputation and stock have tanked since revealing that it suffered a massive hack in July.

Equifax woes continued when after the breach, the company offered tools to let consumers know whether or not their information was affected in the hack. News outlets quickly pointed out that putting “test” in the name field and “123456” in the social security spot yielded a confirmation of compromised information. Sen. Richard Blumenthal called the remedies “pathetic.”

Lawmakers and government officials also blasted the fees that Equifax was charging for credit freezes that help protect those affected by the breach, and hammered the company over a clause that could have forced individuals using the tool to waive their right to sue Equifax.

Two Equifax executives, chief information officer David Webb and chief security officer Susan Mauldin, resigned from the company on Friday amid the fallout.

Three other Equifax executives are being scrutinized for potentially engaging in insider trading after they dumped almost $2 million worth of company stock and options days after the breach occurred, but before it was publicly announced.

The Senate Commerce and Finance Committees and individual lawmakers like Sens. Brian SchatzBrian Emanuel SchatzChris Murphy’s profile rises with gun tragedies Senators grill ex-Equifax CEO over stock sales Overnight Cybersecurity: Trump proclaims 'Cybersecurity Awareness Month' | Equifax missed chance to patch security flaw | Lawmakers await ex-CEO's testimony | SEC hack exposed personal data MORE (D-Hawaii) have called on Equifax to provide more information as to whether or not the executives illegally traded Equifax stock.

The Department of Justice also announced on Monday that it will investigate Equifax Chief Financial Officer John Gamble, president of U.S. information solutions Joseph Loughran and Rodolfo Ploder, president of workforce solutions, regarding the trades.

Lawmakers on Capitol Hill are waiting their turn to scrutinize Equifax at hearings next month. CEO Richard Smith is set to testify before the House Energy and Commerce Committee on Oct. 3. The House Financial Services will also hold a hearing on the hack.

This story was updated at 7:00 p.m.