Security & Fraud

Equifax Admits To A Different Security “Incident” In March

So, about that data breach at Equifax — it turns out this isn’t quite their first rodeo when it comes to serious cybersecurity situations. In fact, as of yesterday, Equifax admitted that, actually, it had faced a different cybersecurity issue earlier this year, in March, which was entirely separate from the massive Equifax hack where they managed to lose the data of a majority of American adults.

Bloomberg reports that earlier this year, FireEye-owned Mandiant was brought in to investigate the March event — in much the same way it was brought in to figure out the big Equifax hack in late July.

“The retention of Mandiant in March was unrelated to the July 29 cybersecurity incident. Equifax complied fully with all consumer notification requirements related to the March incident,” an Equifax spokesperson told CNBC in an email.

Whether the two hacks were related remains a bit of a debate. Equifax says the two events are unrelated to each other, but an anonymous source speaking to Bloomberg stated that the two data breaches “involve the same intruders.”

The news comes a day after New York Gov. Andrew Cuomo began vociferously advocating for new regulation that would require credit reporting agencies to follow the state’s cybersecurity rules.

Short-seller Carson Block told CNBC on Monday that he’s suing Equifax, as his data might have been compromised.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.