Misleading headlines about Equifax’s *earlier* hack

Graham Cluley

Misleading headlines about Equifax's *earlier* hack

Misleading headlines about Equifax's *earlier* hack

The media is getting its knickers in a twist, writing excitable headlines like this:

“Equifax suffered a hack almost five months earlier than the date it disclosed”

In the article, reporters from Bloomberg write:

Equifax Inc. learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.

What they’re referring to is a breach at an Equifax subsidiary called TALX. The hackers accessed consumers’ employee tax records, presumably with the intention of engaging in some sneaky tax refund fraud.

However, this isn’t a new revelation. The likes of Brian Krebs, ourselves, SC Magazine, and others reported on this separate attack back in May after Equifax informed affected members of the public.

In addition, a data breach notification letter was sent to New Hampshire’s Attorney General.

So for media headlines to try to make it appear as if Equifax had hidden details of this earlier breach, or suggest that the really big Equifax hack that everyone is talking about was taking place five months earlier than we thought… well, I think that’s misleading.

Law enforcement have been called in, as have security firm Mandiant, and the breach is being investigated. If there is any evidence to be found that the two hacks are related, I’m sure they’ll be all over it.

The Equifax hack is generating a lot of heat as it is, without misleading headlines pouring petrol on the flames.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Misleading headlines about Equifax’s *earlier* hack”

  1. But, let's not forget, it reported the big hack 90 days after it had happened. That's too long, in my opinion.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.