Equifax acknowledged it experienced a separate security issue in March, months before the massive breach it disclosed to its customers Sept. 7, reports Bloomberg.
The company said the March breach was not related to the more recent hack, which it discovered July 29. The July hack exposed personal and financial data on 143 million U.S. customers, according to a statement obtained by Bloomberg.
The credit reporting agency brought in FireEye company Mandiant to help investigate the March and July events.
"The retention of Mandiant in March was unrelated to the July 29 cybersecurity incident. Equifax complied fully with all consumer notification requirements related to the March incident," an Equifax spokesperson told CNBC in an email.
This second breach will complicate the company's efforts to explain its executives' recent stock sales, which the Department of Justice reportedly opened an investigation into, according to Bloomberg. Top executives reportedly sold company stock days after discovery of the breach, yet prior to Equifax's breach disclosure, according to a separate Bloomberg report. The DOJ seeks to investigate whether the incident constitutes insider trading.
More articles on cybersecurity:
OIG to audit cybersecurity preparedness at HHS