What’s worse than the Equifax hack? Finding out Equifax was also hacked five months earlier by the same perps who carried out this month’s massive hack, but the company kept it quiet. So, not only were 143 million Americans exposed between mid-May through July, a fact not announced until September 7th, the first major breach actually occurred in March. And somewhere in there, Equifax executives started quietly dropping their stock like hot potatoes.
Equifax is, of course, denying that the stock sales had anything to do with the multiple calls it made this spring and summer to top cyber security firm Mandiant. They also aren’t the ones who have come clean about the first hack in March. That news was leaked to Bloomberg by three anonymous sources with knowledge of what’s been going on at the credit reporting agency. If no data was stolen in that first hack, they aren’t legally obligated to disclose it according to federal law.
Meanwhile, cyber security investigators are still sifting through data to find out what the fallout of the hacks might be besides the release of such personal information as millions of social security numbers, drivers license numbers, and bank info. According to what’s been circulating on the dark web since the hack, it looks like the goal might have been not just to obtain consumers’ personal data, but to find a back door between Equifax and major banks.
Fortunately Equifax caught the intrusion before such doors could be opened. But they didn’t act swiftly enough to prevent a whole can of worms from opening up over their overall security, the mysterious stock dumps, and its own half-baked response to a frantic public.