When hackers exposed the personal information of 143 million Americans by breaching Equifax’s security systems this summer, it was not the first time, according to a new report.
In a public statement, Equifax said that it was actually hacked in March as well, in an attack unrelated to the July hack. In both cases, however, the security of millions of people’s social security numbers, credit card information, and other sensitive materials was compromised.
For a major credit reporting company to suffer two major hacks within the span of a few months puts the Equifax in a state of crisis. New revelations show that Equifax knew about the earlier breach, but tried to keep it quiet rather than announcing it publicly. The company now has diminished credibility in the eyes of many customers.
Bloomberg reports on how investigators will proceed in solving this issue.
Security experts say victim companies have wide leeway about how deep an investigation they want outside investigators to do. Some clients will limit the breadth of access or the time outside investigators can spend on site. Others want a full assessment that encompasses their entire computer network and could include the identification of existing security vulnerabilities. Cost is often a consideration, but the victim company might also believe a breach’s scope is limited.
So far, investigators have discovered that hackers broke into Equifax largely because of its backdoor connections with many large banks.
The discovery suggests that the attackers may have been trying to piggyback off of Equifax’s connections to large banks and other financial institutions as a backdoor way to hack those entities and gain access to sensitive partner systems. The company spokesperson said Equifax is “working diligently with our bank partners to assess and mitigate any impact to their operations.”
If you were affected by the Equifax security breach, watch out, your information is still not safe.