Skip to main content
Updated:
Original:

Things somehow keep getting worse for Equifax

The credit agency had been hacked in March, in a separate breach.

What's the next level below dumpster fire? Maybe landfill blaze. Or Great Pacific garbage patch twister.

Whatever term you prefer, that's what Equifax has dropped to after last week's dumpster fire description.

Already taking heat for leaving the private data of 143 million Americans accessible to hackers, Equifax is now facing questions about a previous data breach it suffered earlier in 2017.

This comes from Bloomberg, which was told by sources that Equifax's systems were breached in March – an incident that the company didn't make public, despite telling some banking customers and a few others outsiders, according to the report.

Equifax in a statement to The Guardian confirmed the March hack, saying it related to a payroll service. The company also said a third-party review found that hack is not related to the large one that's recently been in the news, and didn't affect those customer databases. 

Cybersecurity expert Brian Krebs reported the March breach affected tax records. According to CNN, Equifax says it notified affected consumers and other parties about the possible impact.

All told, it means Equifax – which, as one of the three big credit reporting agencies, stores the personal data of millions of Americans – was the victim of two hacks in the span of just a few months.

Equifax also hadn't patched a flaw correctly

Also coming out in recent days – the exploit used by hackers to access the information of 143 million Americans over the summer had actually been patched months earlier.

The issue was an exploit in a web application called Apache Struts. Apache fixed that flaw back in March, ZDnet says. Equifax last week acknowledged being aware of the vulnerability at the time, and taking efforts to patch vulnerable systems they knew about.

But Equifax apparently didn't patch this specific application until noticing the suspicious activity on July 29. At that point, the company blocked the communications, and took the web application offline while it installed the proper patch.

"While Equifax fully understands the intense focus on patching efforts, the company’s review of the facts is still ongoing. The company will release additional information when available," the company said.

This breach actually started back in mid-May, but wasn't noticed until late July, and then wasn't revealed publicly until September. 

Two high-level execs have lost their jobs at this point.

The damage so far: names, Social Security numbers, birth dates, addresses and driver’s license numbers of up to 143 million Americans, plus the credit card numbers of 209,000 U.S. consumers. Some documents containing personal identifying information of 182,000 Americans were also accessed, Equifax says.

Oh, and some U.K. and Canadian residents had information out there too.

We'll go with landfill blaze.

Next Up

Kirill Kaprizov

Wild win battle of NHL's hottest teams, extend winning streak to six

Kirill Kaprizov delivered a shootout winner to take down the Maple Leafs.

Eric Kendricks

Vikings downgrade Eric Kendricks to out against Lions

The Vikings have also activated Michael Pierce from injured reserve.

u.s. attorney

Minnesotan sentenced after assaulting man with baseball bat

Marshall Wayne Boshey was sentenced to 30 months in prison followed by two years of supervised release.

Target store

Target's gift card discount is back, but for this weekend only

The fine print: for Target Circle members only (but membership is free).

Screen Shot 2020-06-15 at 7.11.05 AM

Minneapolis teen arrested in St. Cloud after fleeing police in stolen vehicle

The vehicle was stolen in a car-jacking in Minneapolis Thursday.

snow, blowing snow

Winter storm warnings issued with heavy snow set to slam MN

Parts of northern Minnesota could see more than a foot of snow, but there won't be much in the Twin Cities.

D'Angelo Russell

With KAT out, Timberwolves can't upset Nets

D'Angelo Russell stepped up but couldn't overcome Brooklyn's firepower.

Everson Griffen Vikings dot com

Everson Griffen confirms he has bipolar disorder

"I’ve been running from it a long time. I’m not ashamed of it anymore.”

Angela Renee Jones, St. Cloud murder suspect

St. Cloud suspect now charged in two local murder cases

Both murders happened within a day of each other in June.

Related

Is Equifax going to get away with compromising all our data?

The investigation into the credit-monitoring agency is being scaled back.

Al Franken tears into former Equifax CEO over the data breach

Franken questioned the former CEO over the massive data breach.

Equifax won't make you sign away class-action lawsuit rights for using TrustedID

The company had offered a year of the service for free – but with a catch.

Equifax has become a giant dumpster fire

The credit reporting agency has yet another security blunder on its hands.

Social security numbers stolen from Equifax, and you're probably affected

The huge data breach was discovered in July and confirmed on Thursday.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

The Tip Jar: Should you accept Equifax's free credit lock offer?

A credit freeze or a fraud alert looks like a better bet.