Misleading headlines about Equifax’s *earlier* hack

Calm down. They did go public about the earlier security incident.

Misleading headlines about Equifax's *earlier* hack

The media is getting its knickers in a twist, writing excitable headlines like this:

Equifax suffered a hack almost five months earlier than the date it disclosed”

In the article, reporters from Bloomberg write:

Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.

What they’re referring to is a breach at an Equifax subsidiary called TALX. The hackers accessed consumers’ employee tax records, presumably with the intention of engaging in some sneaky tax refund fraud.

However, this isn’t a new revelation. The likes of Brian Krebs, ourselves, SC Magazine, and others reported on this separate attack back in May after Equifax informed affected members of the public.

In addition, a data breach notification letter was sent to New Hampshire’s Attorney General.

So for media headlines to try to make it appear as if Equifax had hidden details of this earlier breach, or suggest that the really big Equifax hack that everyone is talking about was taking place five months earlier than we thought… well, I think that’s misleading.

Law enforcement have been called in, as have security firm Mandiant, and the breach is being investigated. If there is any evidence to be found that the two hacks are related, I’m sure they’ll be all over it.

The Equifax hack is generating a lot of heat as it is, without misleading headlines pouring petrol on the flames.

Tags: ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts


One Response

  1. Mark Jacobs

    September 20, 2017 at 10:26 am #

    But, let’s not forget, it reported the big hack 90 days after it had happened. That’s too long, in my opinion.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.