You’re Not Gonna Believe This – Another Equifax Breach

Equifax data breachApparently Equifax had another, separate breach in March of this year, 5 months before the breach that they have already announced.

Equifax hired the security firm Mandiant to check into both breaches, but since they have not said anything about this first breach, we really don’t know much about it.

One assumes that this secret earlier breach will only fuel the fires behind the dozens of lawsuits and separate dozens of investigations.

It will also make people wonder about those executive stock sales – the ones NOT on the SEC sale schedule and which occurred a couple of days before the announcement of the second breach but months after the first breach.

It is possible that they discovered the first breach before any data was stolen, but if that was the case, how do you explain how the second breach, only a few months later, went undetected for several months?  There is no logic that can explain this.

We have also seen cases where the breached company didn’t want to find any evidence of something that would require them to notify anyone.  Breach?  Breach?  What breach?  I don’t see any breach.  If you tell the investigators to only look in one corner where nothing happened, they likely won’t find any problems.  The company said that they have complied with all mandatory notifications regarding the March breach.

The fact that Equifax was lobbying Congress to reduce their breach reporting requirements at the same time that they were investigating the first breach is, shall we say, a bit problematic.  And it has terrible optics.

Is this the final straw that has the board fire the CEO?  I don’t know but I would not be surprised.

Another source is saying that the goal of the attackers may have been to use Equifax to breach some of Equifax’s large banking partners.  At least one bank appears to have been compromised and Equifax says that it is working with its banking partners to mitigate damage.

Information for this post came from Bloomberg.

By:  Mitch Tanenbaum, CyberCecurity

Deb Hileman, SCMP, is president and CEO of the Institute for Crisis Management, a crisis management training and consulting firm based in Denver, Colo. She has more than 20 years’ experience managing difficult business issues and a variety of crises, from natural disasters to criminal investigations and humans behaving badly. Her work spans public and privately held companies and non-profit organizations in a variety of industries. Known as a voice of calm in the midst of chaos, Deb has earned a reputation as a trusted strategist and advisor to C-suite executives, operations and other organizational stakeholders. She has successfully managed strategic communications for business issues including natural disasters, labor strikes, criminal prosecutions and federal civil investigations, workplace violence, executive malfeasance, investor litigation, wrongful death and patient abuse investigations, mergers, acquisitions and corporate bankruptcies, among others.

Leave a Reply

Your email address will not be published.