Equifax had data breach months before big one hit: report

How Equifax opened the door to hackers

The Equifax data breach in late July that exposed personal information like Social Security numbers of 143 million Americans reportedly wasn't the first time the credit-monitoring company's security systems had been compromised. Bloomberg News reported Monday that Equifax learned about a major breach of its computer systems in March, some five months before the date it previously disclosed to the public.

Equifax told Bloomberg through a statement that the March breach of a business-services unit was not related to the July 29 hack that hit nearly half the country's consumers. "The incident was reported to customers, affected individuals and regulators," the company emphasized in a follow-up statement to CBS News. 

Still, as the Bloomberg report observed, "the revelation that the 118-year-old credit-reporting agency suffered two major incidents in the span of a few months adds to a mounting crisis at the company."

Meanwhile, state and federal authorities are proposing tougher regulations against Equifax and the entire credit monitoring industry after the company announced that big breach. This is on top of the lawsuits already filed against Equifax by state attorneys general, and a multitude of lawsuits filed that are seeking class-action status. 

Here's the latest on the breach and credit freeze for those consumers affected:

New York clamps down

New York Gov. Andrew Cuomo is proposing new state regulations for credit reporting agencies. The Democratic governor announced Monday that he's directed the state Department of Financial Services to issue new rules requiring credit reporting agencies to register in New York for the first time and to comply with the state's cybersecurity standards.

The proposal would require Equifax and similar firms to adhere to the same consumer protection rules the state imposes on banks and insurance companies.

Credit bureaus like Equifax are lightly regulated compared to other parts of the financial system.

Democrats want more regulations

Senators from Massachusetts, Connecticut and Rhode Island are pushing new bills as well. Massachusetts Sen. Elizabeth Warren introduced legislation aimed at giving control over credit and personal information to consumers and preventing credit reporting agencies from profiting off of consumers' information during a freeze.

Massachusetts Sen. Edward Markey joined with Connecticut Sen. Richard Blumenthal and Rhode Island Sen. Sheldon Whitehouse to introduce a bill giving consumers the right to stop data brokers from selling personal information for marketing purposes.

Warren also sent letters to credit reporting agencies Equifax, TransUnion and Experian and requested the Federal Trade Commission and Consumer Financial Protection Bureau launch an investigation into consumer data security.

What is Equifax doing?

Along with bulking up its call centers and waiving fees for credit freezes, Equifax announced last Friday that its chief information officer and chief security officer would be leaving the company immediately.

The company -- under intense pressure since it disclosed last week that hackers accessed the Social Security numbers, birthdates and other information -- also released a detailed, if still muddled, timeline of how it discovered and handled the breach.

Equifax data breach: How to protect yourself

Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring.

Mauldin is being replaced by Russ Ayers, an information technology executive inside Equifax. Webb is being replaced by Mark Rohrwasser, who most recently was in charge of Equifax's international technology operations.

Company executives are also under scrutiny. Equifax's CEO has been called to testify before Congress on Oct. 3.

And three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered the breach. Equifax said the three executives "had no knowledge that an intrusion had occurred at the time."

Equifax's stock has fallen more than a third since the scandal broke, wiping out more than $6 billion of the company's market value.

What should I do?

Consumers should be vigilant and diligent. That means:

  • Closely monitoring their credit reports, which are available free once a year, and stagger them to see one every four months.
  • Keeping watch, possibly for a long time. Scammers who get ahold of the data could use it at any time -- and with 143 million to choose from, they may be patient.
  • Considering freezing your credit reports. That stops thieves from opening new credit cards or loans in your name, but it also prevents you from opening new accounts. So if you want to apply for something, you need to lift the freeze a few days beforehand. 
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.