“Equifax complied fully with all consumer notification requirements related to the March incident,” Equifax said in a statement. “The two events are not related.”
Equifax did not offer any details about the information that may have been stolen, or how many people may have been affected. It's possible the hackers behind the March attack were seeking a way into the networks of major banks, using Equifax as a point of entry, according to Bloomberg. In both incidents, the company hired the cybersecurity firm Mandiant to investigate.
The disclosure of a second major breach is likely to spark intensified scrutiny from consumers and lawmakers, who have already expressed frustration over the company's security lapses and its handling of events after the July breach was made public. At least two congressional hearings are slated for the coming weeks. And Equifax faces multiple federal investigations on the breach as well as over reports that executives sold an unusual amount stock before the July hack was disclosed. Last week, two officials responsible for Equifax's security and information technology abruptly retired.