Equifax Got Hacked Nearly Five Months Before It Previously Said

Equifax has come under intense scrutiny since it announced earlier this month that hackers accessed personal data of 143 million U.S. consumers. But now it turns out the company knew about a significant breach of its computer systems nearly five months before the date it originally said, Bloomberg reports.

The consumer credit agency initially said it detected a hack on July 29 — a date that was already causing problems because three of the company’s senior executives sold off close to $1.8 million of their shares in the following days.

A second, earlier, breach took place in March, according to Bloomberg. Equifax told Bloomberg the first hack was not related to the breach that exposed the personal data of its customers, but both incidents involve the same hackers.

Still, the news of another incident ramps up the pressure as Equifax is already facing multiple investigations over its data breach.
The company hired the security firm Mandiant to handle both attacks, according to Bloomberg. It may have thought it controlled the first hack but then brought the firm back in when it discovered the new intrusion in July.

This does not mean the timeline Equifax has shared publicly is false, but rather the company left out the early portion of events when disclosing its breach to the public. This second, earlier incident may also complicate the company’s statements that its executives did not know about the hackers when they sold their shares in July.

The March breach may also raise more questions about how thoroughly Equifax investigated the intrusion, according to Bloomberg. The company has said the July hackers entered its system through a known flaw, but did not fix the issue until the intrusion activity was detected.

Write to Abigail Abrams at abigail.abrams@time.com.