It now appears that the data breach at American credit rating agency Equifax, which was reported earlier this month and is believed to have taken place between May and July 2017, wasn’t the first one this year. There was another breach in March 2017, reports Bloomberg. While the breach in May-July exposed personal and financial data of over 143 million people, the one in March was related to a payroll service. The company has claimed that the security breach in March was communicated to the customers as well as the regulator.

The report also mentions that the hackers on both occasions were the same. However, the company insists that the two incidents are not related. In March, Equifax notified some of its banking customers about a breach. Then law firm King & Spalding, which represents Equifax, hired FireEye Inc. owned cybersecurity firm Mandiant on behalf of the company. This probe is believed to have continued till May, but wasn’t publicly disclosed till now. Mandiant was brought in once again in July.

The leak comprised millions of Social Security Numbers (SSNs) of American citizens, driving license numbers, and a couple hundred thousand credit card numbers, among other documents. Subsequently, it came to light that personal and financial data of around 400,000 Britons and unspecified data of about 100,000 Canadians had also been part of the leak.

Since the September 7 announcement, two senior security executives of the company have retired:

The company announced that the Chief Information Officer and Chief Security Officer are retiring. Mark Rohrwasser has been appointed interim Chief Information Officer. Mr. Rohrwasser joined Equifax in 2016 and has led Equifax’s International IT operations since that time. Russ Ayres has been appointed interim Chief Security Officer. Mr. Ayres most recently served as a Vice President in the IT organization at Equifax. He will report directly to the Chief Information Officer. The personnel changes are effective immediately.

What Equifax has had to say about the breach:

  • On July 29, 2017, Equifax’s Security team observed suspicious network traffic associated with its U.S. online dispute portal web application. In response, the Security team investigated and blocked the suspicious traffic that was identified.
  • The Security team continued to monitor network traffic and observed additional suspicious activity on July 30, 2017. In response, the company took offline the affected web application that day.
  • The company’s internal review of the incident continued. Upon discovering a vulnerability in the Apache Struts web application framework as the initial attack vector, Equifax patched the affected web application before bringing it back online.
  • On August 2, 2017, Equifax contacted a leading, independent cybersecurity firm, Mandiant, to assist in conducting a privileged, comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.
  • Over several weeks, Mandiant analyzed available forensic data to identify unauthorized activity on the network.
  • The incident potentially impacts personal information relating to 143 million U.S. consumers – primarily names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
    • In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
    • Equifax also identified unauthorized access to limited personal information for certain U.K. and Canadian residents and is working with regulators in those countries.
  • With respect to the company’s security posture, Equifax has taken short-term remediation steps, and Equifax continues to implement and accelerate long-term security improvements.

Equifax executives under scanner for unusual stock sales

The US Justice Department has initiated a criminal investigation to ascertain if certain senior executives at Equifax indulged in insider trading, by selling stocks of the company of August 1 and 2, before the company had publicly disclosed that a security breach had taken place. The executives under the scanner are chief financial officer, John Gamble; president of US information solutions, Joseph Loughran; and president of workforce solutions, Rodolfo Ploder. These three sold shares worth about $1.8 billion over the two days mentioned earlier.