Credit reporting company Equifax on Monday acknowledged that it faced a security issue earlier this year that's separate from the breach that has dominated headlines for the past several days.
Bloomberg first reported on the news.
Equifax brought in FireEye-owned Mandiant to help investigate the first event, which came to light in March, and did the same thing after it discovered the hack on July 29, Bloomberg reported.
"The retention of Mandiant in March was unrelated to the July 29 cybersecurity incident. Equifax complied fully with all consumer notification requirements related to the March incident," an Equifax spokesperson told CNBC in an email.
Bloomberg said the two attacks "involve the same intruders," citing an unnamed source, but the Equifax spokesperson said that two hacks "are not related."
The more recent hack is the one that may have impacted around 143 million U.S. consumers. Other companies that provide credit reports on consumers include Experian and TransUnion.
Earlier on Monday, New York Gov. Andrew Cuomo pushed for regulation that would require credit reporting agencies to follow the state's cybersecurity rules and potentially give the state the power to stop the companies from doing business with New York companies and consumers. Meanwhile, on Monday short-seller Carson Block told CNBC that he's suing Equifax, as his data might have been compromised.
On Sept. 15 Equifax announced the retirement of two executives.