The media is getting its knickers in a twist, writing excitable headlines like this:
“Equifax suffered a hack almost five months earlier than the date it disclosed”
In the article, reporters from Bloomberg write:
Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation.
In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.
What they’re referring to is a breach at an Equifax subsidiary called TALX. The hackers accessed consumers’ employee tax records, presumably with the intention of engaging in some sneaky tax refund fraud.
However, this isn’t a new revelation. The likes of Brian Krebs, ourselves, SC Magazine, and others reported on this separate attack back in May after Equifax informed affected members of the public.
In addition, a data breach notification letter was sent to New Hampshire’s Attorney General.
So for media headlines to try to make it appear as if Equifax had hidden details of this earlier breach, or suggest that the really big Equifax hack that everyone is talking about was taking place five months earlier than we thought… well, I think that’s misleading.
Law enforcement have been called in, as have security firm Mandiant, and the breach is being investigated. If there is any evidence to be found that the two hacks are related, I’m sure they’ll be all over it.
The Equifax hack is generating a lot of heat as it is, without misleading headlines pouring petrol on the flames.
But, let's not forget, it reported the big hack 90 days after it had happened. That's too long, in my opinion.