Sep 18, 2017

Equifax was breached four months before massive hack

A pedestrian walks past credit card logos posted on a downtown storefront in Atlanta. Photo: David Goldman / AP

Equifax learned about a massive breach of its systems in March, which a source "familiar with the situation" said was perpetrated by the same intruders that were responsible for the massive breach in July, according to Bloomberg.

What they're saying: In a statement, the company said the March incident was unrelated to the July hack that exposed personal identifying information of up to 143 million Americans. Equifax hired Mandiant, a security firm, in March and again recently to assess the July breach, according to Equifax.

In March, the U.S. Computer Emergency Readiness Team identified the vulnerability exposed in the July hack. Equifax worked to patch that vulnerability, the company said last Friday.

Worth noting: Equifax has said three executives who sold a combined $1.8 million in stock after the July breach weren't aware of any breaches before taking that step. Bloomberg notes that the new revelations could make that harder to argue.

Go deeper