Misleading headlines about Equifax’s *earlier* hack

Calm down. They did go public about the earlier security incident.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Misleading headlines about Equifax's *earlier* hack

The media is getting its knickers in a twist, writing excitable headlines like this:

“Equifax suffered a hack almost five months earlier than the date it disclosed”

In the article, reporters from Bloomberg write:

Sign up to our free newsletter.
Security news, advice, and tips.

Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.

What they’re referring to is a breach at an Equifax subsidiary called TALX. The hackers accessed consumers’ employee tax records, presumably with the intention of engaging in some sneaky tax refund fraud.

However, this isn’t a new revelation. The likes of Brian Krebs, ourselves, SC Magazine, and others reported on this separate attack back in May after Equifax informed affected members of the public.

In addition, a data breach notification letter was sent to New Hampshire’s Attorney General.

So for media headlines to try to make it appear as if Equifax had hidden details of this earlier breach, or suggest that the really big Equifax hack that everyone is talking about was taking place five months earlier than we thought… well, I think that’s misleading.

Law enforcement have been called in, as have security firm Mandiant, and the breach is being investigated. If there is any evidence to be found that the two hacks are related, I’m sure they’ll be all over it.

The Equifax hack is generating a lot of heat as it is, without misleading headlines pouring petrol on the flames.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Misleading headlines about Equifax’s *earlier* hack”

  1. Mark Jacobs

    But, let's not forget, it reported the big hack 90 days after it had happened. That's too long, in my opinion.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.