Equifax was hacked months before the breach that compromised the social security numbers and other personal information of 143 million Americans — and at may have been carried out by the same attackers, according to a new report.
The credit-reporting agency announced earlier this month that hackers broke into its system — and peeped at the personal data of roughly 58 percent of the U.S.’s adult population — between May 13 and July 29.
But three company sources told Bloomberg that Equifax first discovered and tamped down a hack in March — and one source told the outlet the March intruders were responsible for the subsequent breach.
During the May attack, intruders had access to the names, addresses, drivers license numbers and social security numbers of 143 million U.S. consumers — as well as more than 200,000 credit card numbers, according to the company.
An Equifax statement provided to Bloomberg claimed the hacks were unrelated. The company hired security firm Mandiant in response to both attacks, sources told Bloomberg.
The agency was aware of a software vulnerability that lead to the hack in March but thought it patched the hole, according to a statement from Equifax.