The hits just keep on coming. Turns out Equifax suffered two data breaches over the course of approximately five months, according to Bloomberg.
The Atlanta-based credit monitoring services company this month released details about a data breach that took place between mid-May and July; this incident impacted 143 million U.S. consumers and nearly 400,000 UK customers. However, Equifax learned about an unrelated breach of its computer systems in March, Bloomberg indicated.
Equifax in March began notifying a small number of outsiders and banking customers that it had suffered a data breach and hired cybersecurity consulting services firm Mandiant to help investigate the incident, Bloomberg noted. There were no indications about how long Equifax and Mandiant conducted the data breach investigation.
What Do the Data Breaches Mean for Equifax and Its Customers?
The Equifax data breaches raise many questions about Equifax, its cybersecurity approach and its leadership.
Questions persist about what Equifax found in the investigation of its March data breach, along with whether the company did everything possible to safeguard its customers' sensitive information.
Following the most recent data breach, Equifax is working with Mandiant to determine what information was accessed and identify potentially impacted customers, the company said in a prepared statement.
Equifax also announced Chief Information Officer (CIO) David Webb and Chief Security Officer (CSO) Susan Mauldin were "retiring," effective immediately, after the latest data breach. IT operations veteran Mark Rohrwasser, who joined Equifax last year, will serve as the company's interim CIO, and Vice President Russ Ayres has been named the company's interim CSO.
In addition, the U.S. Justice Department has launched a criminal investigation into Equifax executive stock sales, Bloomberg indicated.
Equifax Chief Financial Officer John Gamble sold 14,000 shares of the company's stock on May 23, according to Bloomberg; these shares were valued at roughly $1.9 million. Furthermore, regulatory filings from Aug. 1 and 2 show Gamble and two other Equifax senior executives sold company shares worth almost $1.8 million.
To address consumers' security concerns, Equifax is conducting an ongoing review of the most recent data breach, the company stated. It has launched a dedicated website and call center to assist consumers and is offering free credit file monitoring and identity theft protection services to all U.S. consumers.