Earlier this month, credit reporting agency Equifax informed the public that its computer systems had been breached, exposing the private data of 143 million Americans. But according to a new report from Bloomberg, it wasn’t the first time that Equifax was the victim of a cyber attack in 2017. Unnamed sources tell the publication that Equifax’s systems were also breached in March in a separate, previously undisclosed incident.
The Equifax breach that has been making headlines for the past few weeks is said to have taken place in May and was then discovered by the credit reporting agency in late July. Equifax said in a statement this week that the March hack was unrelated to the May hack, but one source believes that both hacks were perpetrated by the same intruders. As Bloomberg notes, whether or not the hackers were the same or even connected, the earlier hack makes a series of stock sales by Equifax executives look even more suspicious.
Back in March, Equifax hired security firm Mandiant to conduct an investigation into “a security incident involving a payroll-related service.” Equifax then retained Mandiant once again when suspicious activity was detected on July 29th. The timing of the two incidents raises questions about when Equifax executives who subsequently sold off stock knew about the breaches, and whether that affected their decisions.
To that end, ThinkAdvisor reports that the US Department of Justice has opened a criminal investigation to find out if Equifax executives violated insider trading laws when they sold their stock.
Equifax CFO John Gamble, president of U.S. information solutions Joseph Loughran, and president of workforce solutions Rodolfo Ploder are all said to be subjects of the DOJ probe. The three sold off shares worth over $1.8 million in early August. Equifax maintains that the executives didn’t know about the breach at the time, but there’s no indication that “the transactions were part of pre-scheduled trading plans.”
You can read the full statement from Equifax regarding the March hack below (via Gizmodo):
In response to the Bloomberg story attempting to connect two separate Cybersecurity events and suggesting the earlier event went unreported, Equifax offers the following response.
Earlier this year, during the 2016 tax season, Equifax experienced a security incident involving a payroll-related service. The incident was reported to customers, affected individuals and regulators. This incident was also covered in the media.
The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29. Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related. The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event.