Home / News & Analysis / Report: Equifax Hacked Months Before Major Breach

Report: Equifax Hacked Months Before Major Breach

Equifax may have left out an important detail when it disclosed the breach that compromised the personal information of 143 million US consumers.

Bloomberg, citing three unnamed "people familiar with the situation" on Monday reported Equifax was hacked almost five months before the incident it disclosed on Sept. 7. The previous hack may have been carried out by the same attackers who eventually stole troves of personal information.

That means that the credit-reporting agency actually "suffered two major incidents in the span of a few months," the report notes.

After each breach, the company hired security firm Mandiant to investigate. Bloomberg reported that Equifax may have believed it addressed the issue the first time around, "only to have to bring the investigators back when it detected suspicious activity again on July 29."

Equifax on Sept. 7 revealed that criminals "exploited a US website application vulnerability" to gain access to credit card numbers, dispute documents with personal identifying information, names, Social Security numbers, birth dates, addresses, and some driver's license numbers. Equifax is offering affected individuals free credit file monitoring and identity theft protection, but, according to The New York Times, many affected users have faced "dead links and terminated calls" when trying to get help from the company.

Related

Equifax is now facing several investigations and lawsuits related to the breach, including a criminal probe by the US Justice Department about fishy stock sales made by Equifax executives ahead of the company's breach disclosure. Three senior Equifax executives — Chief Financial Officer John Gamble, President of U.S. information solutions Joseph Loughran, and President of workforce solutions Rodolfo Ploder — "sold shares worth almost $1.8 million" on Aug. 1 and Aug. 2, the report notes.

Equifax maintains that the executives "had no knowledge that an intrusion had occurred" when they made those transactions, but as Bloomberg pointed out "there were fewer than a handful of days between the stock sales and the date Equifax said the breach was discovered."

Meanwhile, the new revelations come after security researchers recently discovered that the personal information of thousands of Argentinians may also be at risk due to lax Equifax security practices. Researchers at Milwaukee-based information security firm Hold Security recently discovered a portal used by Equifax employees in Argentina that was practically "wide open" for anyone to access, according to security researcher and author of the KrebsOnSecurity blog Brian Krebs.

Read more

Check Also

Twitter will give political candidates a special badge during US midterm elections

Ahead of 2018 U.S. midterm elections, Twitter is taking a visible step to combat the spread of misinformation on its famously chaotic platform. In a blog post this week, the company explained how it would be adding “election labels” to the profiles of candidates running for political office. “Twitter has become the first place voters go to seek accurate information, resources, and breaking news from journalists, political candidates, and elected officials,” the company wrote in its announcement. “We understand the significance of this responsibility and our teams are building new ways for people who use Twitter to identify original sources and authentic information.” These labels feature a small government building icon and text identifying the position a candidate is running for and the state or district where the race is taking place. The label information included in the profile will also appear elsewhere on Twitter, even when tweets are embedded off-site. The labels will start popping up after May 30 and will apply to candidates in state governor races as well as those campaigning for a seat in the Senate or the House of Representatives. Twitter will partner with nonpartisan political nonprofit Ballotpedia to create the candidate labels. In a statement announcing its partnership, Ballotpedia explains how that process will work: Ballotpedia covers all candidates in every upcoming election occurring within the 100 most-populated cities in the U.S., plus all federal and statewide elections, including ballot measures. After each state primary, Ballotpedia will provide Twitter with information on gubernatorial and Congressional candidates who will appear on the November ballot. After receiving consent from each candidate, Twitter will apply the labels to each candidate profile. The decision to create a dedicated process to verify political profiles is a step in the right direction for Twitter. With major social platforms still in upheaval over revelations around foreign misinformation campaigns during the 2016 U.S. presidential election, Twitter and Facebook need to take decisive action now if they intend to inoculate their users against a repeat threat in 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.