Misleading headlines about Equifax's *earlier* hack

Calm down. They did go public about the earlier security incident.

The media is getting its knickers in a twist, writing excitable headlines like this:

"Equifax suffered a hack almost five months earlier than the date it disclosed"

In the article, reporters from Bloomberg write:

Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.

What they're referring to is a breach at an Equifax subsidiary called TALX. The hackers accessed consumers' employee tax records, presumably with the intention of engaging in some sneaky tax refund fraud.

However, this isn't a new revelation. The likes of Brian Krebs, ourselves, SC Magazine, and others reported on this separate attack back in May after Equifax informed affected members of the public.

In addition, a data breach notification letter was sent to New Hampshire's Attorney General.

So for media headlines to try to make it appear as if Equifax had hidden details of this earlier breach, or suggest that the really big Equifax hack that everyone is talking about was taking place five months earlier than we thought... well, I think that's misleading.

Law enforcement have been called in, as have security firm Mandiant, and the breach is being investigated. If there is any evidence to be found that the two hacks are related, I'm sure they'll be all over it.

The Equifax hack is generating a lot of heat as it is, without misleading headlines pouring petrol on the flames.

One Response

  1. Mark Jacobs

    September 20, 2017 at 10:26 am #

    But, let's not forget, it reported the big hack 90 days after it had happened. That's too long, in my opinion.
