Dive Brief:
- Equifax suffered an additional data breach in March, which the company said was not related to the security incident disclosed earlier this month impacting 143 million U.S. consumers, according to a Bloomberg report.
- In the March incident, which occurred five months before the second breach was discovered, Equifax notified a small number of impacted individuals, including banking customers, Bloomberg reports. Equifax's outside counsel brought in Mandiant to investigate the breach.
- "The retention of Mandiant in March was unrelated to the July 29 cybersecurity incident. Equifax complied fully with all consumer notification requirements related to the March incident," the firm said in a statement received by CNBC. Equifax could not be reached by CIO Dive prior to publication.
Dive Insight:
The revelations of the earlier breach could call into question Equifax's disclosed timeline. Last week, the firm outlined in a public statement the timeline of the breach impacting 143 million U.S. consumers. Equifax said its security team first noticed the breach on July 29, but made no mention of an earlier security incident.
The March security incident occurred nearly five months before the recently disclosed data breach. The firms said the two incidents were not tied together, but the earlier incident raises doubt about the firm's cybersecurity practices.
Some companies limit the scope of an outside firm's investigation (in this case, FireEye-owned Mandiant was contracted to look into both security incidents). Following an initial breach, a thorough, system-wide investigation would have helped ensure Equifax understood its overall security posture.
Following the recent retirement of Equifax's CIO and CSO, the company's interim technology heads will have to work to mitigate any issues with back-end systems and make sure its technology is prepared to withstand further security incidents.
Equifax is facing numerous consumer lawsuits in addition to a U.S. Justice Department probe into top company officials' sale of stock just prior to the breach disclosure earlier this month. Widely criticized by the security community for how it handled the breach, Equifax is receiving a lesson in how to respond to a security incident.
In the modern era of computing, it's not a case of "if," but "when" a company will be targeted and potentially hacked. To save an organization's reputation, companies have to respond quickly and remain transparent throughout the entire investigation and breach recovery process.