What you need to know about the other Equifax data breach

19 Sep 2017

The security of Equifax customers was compromised on two known occasions this year. Image: sdecoret/Shutterstock

Troubled waters ahead for Equifax as lawsuits pile up and personnel are scrutinised.

The controversy surrounding Equifax won’t be dissipating any time soon if recent reports are anything to go by.

On Monday (18 September), it emerged that the credit bureau suffered an earlier, separate attack by hackers in March – four months before the July breach that caused havoc when it was disclosed earlier this month.

Two breaches, same hackers?

Bloomberg reported that a major breach of Equifax’s computer systems occurred in March, but Equifax stated that this breach was not related to the hack that exposed the details of close to 150m customers in the US, which was disclosed earlier this month. It remains to be seen whether both breaches were carried out by the same group, or two separate outfits.

In a statement on its website, Equifax explained that it hired security firm Mandiant on both occasions to “assist in conducting a privileged, comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted”.

The seriousness of the situation is escalating for the beleaguered firm, with both CIO David C Webb and CSO Susan Mauldin retiring from their posts, effective immediately. Mark Rohrwasser and Russ Ayres are replacing the outgoing employees in the interim.

Criminal investigation begins

The unusual stock sales by Equifax executives are also looking more and more suspect. If it’s proven that the personnel involved sold stocks while knowing about the breaches, Equifax could be brought up on insider trading charges.

The US Department of Justice has opened up a criminal investigation into the stock sales of the CFO of Equifax, John Gamble; president of US information solutions, Joseph Loughran; and president of workforce solutions, Rodolfo Ploder.

The company is also facing a flood of class-action lawsuits. Fortune reported that at least 24 federal lawsuits had been filed in connection with the breach on 10 September, with the number having increased markedly since then.

The Wall Street Journal reported that banks had experienced a spike this summer in criminals using data pertaining to credit reports to attempt identity theft, with many suggesting that the stolen Equifax data was already being used for illegal exploits.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com