Thursday, 18 October, 2018

Equifax Discloses Earlier Cybersecurity Incident, But No Details

3 Equifax Managers Sold Stock Before Hack Revealed 3 Equifax Managers Sold Stock Before Hack Revealed
Nellie Chapman | 20 September, 2017, 02:27

New York Attorney General Eric Schneiderman is pressing TransUnion and Experian to explain what cyber security they have in place to protect sensitive consumer information following a recent breach at Equifax that exposed the data of 143 million Americans.

In fact, not notifying the public about an earlier breach that retrieved personal information would also run afoul of several state breach notification laws.

Governor Andrew Cuomo wants to require all credit reporting agencies to register with the state. It has since hired an outside cybersecurity firm to investigate. Bloomberg reported that Equifax may have believed it addressed the issue the first time around, "only to have to bring the investigators back when it detected suspicious activity again on July 29".

Lisa Nelson, the president and general manager of Equifax Canada, apologized to those who may have been affected and acknowledged frustration about a lack of clarity, saying the company would write to them with steps they should take.

They specifically want to know details of almost $1.8 million in stock sales made by Equifax executives, including the company's chief financial officer, three days after the breach was discovered and several weeks before it was made public.

"Somebody was calling claiming to be actually from Equifax saying that they wanted to confirm their identity regarding the data breach", she said.

Hackers have gained access to files containing the personal data of canadian clients through a Web application from Equifax for u.s. consumers. Researchers at Milwaukee-based information security firm Hold Security recently discovered a portal used by Equifax employees in Argentina that was practically "wide open" for anyone to access, according to security researcher and author of the KrebsOnSecurity blog Brian Krebs.

Under the company's publicly disclosed timeline, there were fewer than a handful of days between the stock sales and the date Equifax said the breach was discovered. Company officials say the two intrusions were not related. In the U.S the Federal Trade Commission (FTC) revealed on September 14 that it is investigating the breach as well. None of the filings were scheduled as part of the company's trading plans.

Later that day, Equifax revealed that it also had a security breach earlier this year that involved a different part of the company than the one accessed in the larger hack.

"Ring, ring. This is Equifax calling to verify your account information". The company spokesperson said Equifax is "working diligently with our bank partners to assess and mitigate any impact to their operations".