Equifax suffered another major breach before the massive data breach disclosed earlier this month, the company confirmed Monday, revealing yet again the vulnerability of the credit agency's computer systems.
The earlier breach, first reported by Bloomberg, was discovered by Equifax in March. But the company said that the earlier intrusion was unrelated to the breach that may have impacted as many as 143 million people, which the company discovered in July but did not disclose until six weeks later.
“Equifax complied fully with all consumer notification requirements related to the March incident,” Equifax said in a statement. “The two events are not related.”
Equifax did not offer any details about the information that may have been stolen, or how many people may have been affected. It's possible the hackers behind the March attack were seeking a way into the networks of major banks, using Equifax as a point of entry, according to Bloomberg. In both incidents, the company hired the cybersecurity firm Mandiant to investigate.
The disclosure of a second major breach is likely to spark intensified scrutiny from consumers and lawmakers, who have already expressed frustration over the company's security lapses and its handling of events after the July breach was made public. At least two congressional hearings are slated for the coming weeks. And Equifax faces multiple federal investigations on the breach as well as over reports that executives sold an unusual amount stock before the July hack was disclosed. Last week, two officials responsible for Equifax's security and information technology abruptly retired.