Equifax: credit firm was breached before massive May hack
https://www.theguardian.com/technology/2017/sep/19/equifax-credit-firm-march-breach-massive-may-hack-customers
Equifax, the credit monitoring agency that lost personal data of 143 million US customers in a massive hack in May, has revealed that it was also the victim of an earlier breach in March.
The earlier breach was serious enough for the company to notify customers, and bring in the information security firm Mandiant to investigate. But the millions of Americans whose personal data the company stockpiles to power its services are not technically customers of the company, and so it did not inform them.
Following a report by Bloomberg, Equifax came clean about the breach in a statement. Earlier this year, during the 2016 tax season, Equifax experienced a security incident involving a payroll-related service. The incident was reported to customers, affected individuals and regulators. This incident was also covered in the media.
Specialist blog Krebs on Security was one of the few outlets to cover the breach at the time when Equifax initially disclosed the hack to customers in May, two months later.
eta:
https://krebsonsecurity.com/2017/05/fraudsters-exploited-lax-security-at-equifaxs-talx-payroll-division/