Breaking News
More () »

Atlanta-based Equifax says it was hacked in March, months before latest breach

The information raises further questions about whether Equifax did enough to protect customer data.
A view of a sign for the company Equifax on the floor of the New York Stock Exchange.

Credit reporting company Equifax on Monday acknowledged that it faced a security issue earlier this year that's separate from the breach that has dominated headlines for the past several days.

Bloomberg first reported on the news.

Equifax brought in FireEye-owned Mandiant to help investigate the first event, which came to light in March, and did the same thing after it discovered the hack on July 29, Bloomberg reported.

"The retention of Mandiant in March was unrelated to the July 29 cybersecurity incident. Equifax complied fully with all consumer notification requirements related to the March incident," an Equifax spokesperson told CNBC in an email.


Equifax data breach: What you need to know about hacking crisis
Equifax data breach: Do a 15-minute cybersecurity makeover
Equifax data breach: How do you fix a cataclysmic crisis?

Bloomberg said the two attacks "involve the same intruders," citing an unnamed source, but the Equifax spokesperson said that two hacks "are not related."

The more recent hack is the one that may have impacted around 143 million U.S. consumers. Other companies that provide credit reports on consumers include Experian and TransUnion.

Earlier on Monday, New York Gov. Andrew Cuomo pushed for regulation that would require credit reporting agencies to follow the state's cybersecurity rules and potentially give the state the power to stop the companies from doing business with New York companies and consumers. Meanwhile, on Monday short-seller Carson Block told CNBC that he's suing Equifax, as his data might have been compromised.

On Sept. 15 Equifax announced the retirement of two executives.

Before You Leave, Check This Out