Equifax fell victim to hackers in in March, some five months before it claimed to have been hacked, according to Bloomberg.
Equifax responded, claiming in a statement that the March breach was not related to the hack that exposed the personal and financial data of 143 million US consumers and 400,000 UK consumers. But one of Bloomberg's sources suggested that the breaches involved the same gang of cyber attackers.
Mandiant, the cyber security firm, was hired on both occasions. The suggestion is that the company had the initial breach under control, but had to bring specialists back when it detected suspicious activity again on 29 July.
The latest revelations will cause further damage to the 118-year-old company, whose response to the crisis has been likened to Enron, the energy trading company that collapse in 2001, whose excesses were regarded as the epitomy of the 1990s boom.
The US Department of Justice has launched a criminal investigation into the data breach, with a focus on the stock sales made by Equifax executives.
Regulatory filings on 1 August and 2 August show that the chief financial officer John Gamble sold shares worth nearly a million dollars, and Joseph Loughran, president of US information solutions disposed stock of $584,099.
Rodolfo Ploder, president of workforce solutions sold a quarter of million dollars worth of stock. None of the filings were scheduled as part of the company's trading plans. Gamble had earlier sold 14,000 shares - to the value of $1.91m on May 23.
If it is shown that the executives sold stock knowing that either the March or July data breaches were likely to damage the company's reputation they could be charged with insider trading.
However, Equifax insisted that its executives "had no knowledge that an intrusion had occurred at the time".
Either way, the firm is likely to be asked why details of the March breach had not been revealed at an earlier date, and for a clear timeline of events. The most scrutiny will be on how the dates of the cyber breaches match the dates of the shares that have been sold by executives.
Meanwhile, the Atlanta-based company's problems don't stop there. It also has to deal with nearly 40 US states that have joined a probe of the firm's handling of the data breach, Congress is also probing the hack, and Equifax will have to gear up for a number of lawsuits to be filed against it.
On Friday, the company announced that its CIO and chief security officer had ‘retired'.
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way
The most luminous galaxy ever discovered is cannibalising at least three of its smaller neighbours, study finds
The galaxy radiates at 350 trillion times the luminosity of the Sun