Report: Equifax was hacked almost 5 month before its first disclosed date

Prosecutors open criminal investigation into breach


KNOXVILLE, Tenn. (WATE) — In early September, it was announced that credit monitoring company Equifax was hit by a high-tech heist that exposed the Social Security numbers and other sensitive information about 143 million Americans.

A new report says Equifax knew about the hack in March, almost five months before the date it publicly disclosed the hack. Three people familiar with the situation told Bloomberg the breaches happened in March. One person said the breach in March was not related to the hack in September, but one person said the breaches involved the same intruders. Either way, that’s still two major breaches in two months.

Related: Equifax hack: What can you do?

Equifax announced late Friday that its chief information officer and chief security officer would leave the company. Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive.

Equifax is also facing several inquiries and class-action lawsuits, including Congressional investigations, queries by the Federal Trade Commission and the Consumer Financial Protection Bureau, as well as several state attorneys general. The company’s CEO Richard Smith is scheduled to testify in front of Congress in early October.

Three Equifax executives — not the ones who are departing — sold shares worth a combined $1.8 million just a few days after the company discovered the breach, according to documents filed with securities regulators.

State and federal authorities are proposing tougher regulations against Equifax and the entire credit monitoring industry.

New York Gov. Andrew Cuomo is proposing new state regulations for credit reporting agencies. The Democratic governor announced Monday that he’s directed the state Department of Financial Services to issue new rules requiring credit reporting agencies to register in New York for the first time and to comply with the state’s cyber security standards.

The proposal would require Equifax and similar firms to adhere to the same consumer protection rules the state imposes on banks and insurance companies.

Credit bureaus like Equifax are lightly regulated compared to other parts of the financial system.

The Associated Press contributed to this report.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s