When Equifax first disclosed the shocking news on September 7 that its servers and some 143 million private account had been hacked, leaking everything from names, to addresses, to social security numbers, it stated in its press release that it had “learned of the incident on July 29, 2017″ adding that “at which point it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review: based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.”
As we commented then, it “oddly enough took shareholders and over a third of America, more than a month longer to learn that all their personal data may have been compromised.”
And now, according to Bloomberg, it appears the company had lied again as it wasn’t “only one month” but nearly six that the company was aware that its systems had been violated without acting on the information::
Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation
While the March breach was reportedly not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, “one of the people said the breaches involve the same intruders. Either way, the revelation that the 118-year-old credit-reporting agency suffered two major incidents in the span of a few months adds to a mounting crisis at the company, which is the subject of multiple investigations and announced the retirement of two of its top security executives on Friday.” That one of the top security executives also happened to be a music major who desperately tried to scrub her public background has not helped the company’s case.
Some further details from Bloomberg:
Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said.
Equifax’s hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. Vitor De Souza, senior vice president for global marketing at FireEye Inc., Mandiant’s parent company, declined to comment.