How to protect yourself from the Equifax data breach

Three Equifax Managers Sold Stock Before Cyber Hack Revealed

Equifax may have suffered a data breach several months before the date it disclosed earlier this month for the massive hack that exposed the personal financial information for roughly half the U.S. population. Most data breach disclosure laws kick in only once there's evidence that sensitive personal identifying information like social security numbers and birth dates have been taken.

The company also confirmed that Mandiant, the threat intelligence arm of the cyber firm FireEye, has been brought on to help investigate the breach.

Equifax Inc. suffered another, previously undisclosed hack in March, according to a Bloomberg News report late Monday, raising new questions about the massive data breach it suffered earlier this summer.

Equifax has since said that approximately 400,000 United Kingdom individuals may have been affected, but has not quantified the number of Canadians whose data may have been stolen. Three senior Equifax executives - Chief Financial Officer John Gamble, President of US information solutions Joseph Loughran, and President of workforce solutions Rodolfo Ploder - "sold shares worth nearly $1.8 million" on August 1 and August 2, the report notes.

Under the company's publicly disclosed timeline, there were fewer than a handful of days between the stock sales and the date Equifax said the breach was discovered.

Company officials said the chief information officer and chief security officer are leaving immediately. The breach was widely reported in security-related media and the company contacted both affected users and the government.

Later that day, Equifax revealed that it also had a security breach earlier this year that involved a different part of the company than the one accessed in the larger hack. Gamble had earlier sold 14,000 shares - to the value of $1.91m on May 23.

Several major Canadian companies including TD and CIBC use Equifax to perform credit checks.

The breach may have compromised personal information from as many as 143 million Americans. The flaw had been discovered and fixed by Apache in March, but Equifax had not applied the patch to its own systems by May. In this instance, websites can be verified by accessing it directly from the Equifax site and by not clicking embedded links in emails or other websites. The company spokesperson said Equifax is "working diligently with our bank partners to assess and mitigate any impact to their operations".



Other news