Equifax says it was hacked in March, months before latest breach

Elizabeth Weise | USA TODAY

Show Caption Hide Caption Equifax shines light on industry troubles In the wake of the Equifax breach, a consumer group wants Congress to rethink how we use credit reporting agencies. Consumer Watchdog also wants lawmakers to mandate two factor authentication to safeguard personal information. (Sept. 15)

SAN FRANCSICO – Credit reporting company Equifax suffered a breach in March, two months before the massive breach that hit as many as 143 million people, which was disclosed earlier this month.

The March breach was reported Monday by Bloomberg.

The 143 million person began in mid-May and was discovered by the company on July 29. First announced Sept. 7, it was one of the largest breaches of consumers' private financial data in history.

The March breach was not related to the large breach and Equifax told Bloomberg that it did not involve the same intruders.

Equifax has hired the security firm Mandiant to investigate the March breach and the company also investigated the large breach, Bloomberg reported.

Left unanswered is whether there was any connection between the March breach and the sale of nearly $1.8 million in sales of Equifax stock by three senior executives at the company.

According to filings with the Securities and Exchange Commission, the executives, chief financial officer John Gamble, U.S. information solutions president Joseph Loughran and workforce solutions president Rodolfo Ploder all sold stock.

On Aug. 1, Gamble sold Equifax shares with a market value of nearly $946,400, while Loughran exercised options to sell nearly $584,100, the regulatory filings show. Ploder sold company shares valued at nearly $250,500 on Aug. 2, the filings show.

The Department of Justice has reportedly opened a criminal investigation into whether three top Equifax officials violated insider trading laws when they sold company stock.

Equifax has said the executives "had no knowledge that an intrusion had occurred" at the time they sold their shares, but the statement was in connection with the May breach.

More: Equifax data breach: What you need to know about hacking crisis

More: Equifax data breach: Do a 15 minute cybersecurity makeover

More: Equifax data breach: How do you fix a cataclysmic crisis?