Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed (bloomberg.com)
Bloomberg is reporting that Equifax, the credit reporting company that recently reported a cybersecurity incident impacting roughly 143 million U.S. consumers, learned about a breach of its computer systems in March -- almost five months before the date it has publicly disclosed. The company said the March breach was unrelated to the recent hack involving millions of U.S. consumers, but one of the people familiar with the situation said the breaches involve the same intruders. From the report: Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said. Equifax's hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. The revelation of a March breach will complicate the company's efforts to explain a series of unusual stock sales by Equifax executives. If it's shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe.
In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company's outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it's not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.
Maybe this will make people stop being so dependent on debt. Then perhaps the price of things will go down since no one will finance them any longer. Then maybe we'll see the banksters starving in the gutter.
You hire a security firm and at the same time you don't bother to update a critical security issue with the software? Did they have an audit or did they just pay $$ for a PCI compliance sticker? How did the audit go - how come it did not reveal issues with too much data being accessible from a public subnet? Just too many questions....
If the US lived under capitalism, the corporation would be dissolved and its executives would be jailed.
Luckily, we live in a Mercantilist society, where only the oligarchs make the rules, and our "elections" are fixed.
-- Tigger warning: This post may contain tiggers! --
If the hack was perpetrated five months ago and kept quiet, there has been plenty of time for great use of the data in enormous amounts of fraud.
A few thoughts about that:
1. High-volume fraud gets you caught. Most criminals dealing in this kind of activity are smart enough to get that.
2. With the pieces of data leaked here -- names, SSNs, addresses, etc. -- there's not much to go stale. There's actually less incentive for bad guys to use it in the short term, because that's when everyone will be the most vigilant. Better to wait for things to calm down and everyone to become complacent again.
3. Even if someone disregarded point #1 and went ahead and engaged in some short-term low-volume fraud, it would be hard to separate that signal from the noise of the flow of already-existing fraud. See point #1.