Equifax fell victim to hackers in in March, some five months before it claimed to have been hacked, according to Bloomberg.
Equifax responded, claiming in a statement that the March breach was not related to the hack that exposed the personal and financial data of 143 million US consumers and 400,000 UK consumers. But one of Bloomberg's sources suggested that the breaches involved the same gang of cyber attackers.
Mandiant, the cyber security firm, was hired on both occasions. The suggestion is that the company had the initial breach under control, but had to bring specialists back when it detected suspicious activity again on 29 July.
The latest revelations will cause further damage to the 118-year-old company, whose response to the crisis has been likened to Enron, the energy trading company that collapse in 2001, whose excesses were regarded as the epitomy of the 1990s boom.
The US Department of Justice has launched a criminal investigation into the data breach, with a focus on the stock sales made by Equifax executives.
Regulatory filings on 1 August and 2 August show that the chief financial officer John Gamble sold shares worth nearly a million dollars, and Joseph Loughran, president of US information solutions disposed stock of $584,099.
Rodolfo Ploder, president of workforce solutions sold a quarter of million dollars worth of stock. None of the filings were scheduled as part of the company's trading plans. Gamble had earlier sold 14,000 shares - to the value of $1.91m on May 23.
If it is shown that the executives sold stock knowing that either the March or July data breaches were likely to damage the company's reputation they could be charged with insider trading.
However, Equifax insisted that its executives "had no knowledge that an intrusion had occurred at the time".
Either way, the firm is likely to be asked why details of the March breach had not been revealed at an earlier date, and for a clear timeline of events. The most scrutiny will be on how the dates of the cyber breaches match the dates of the shares that have been sold by executives.
Meanwhile, the Atlanta-based company's problems don't stop there. It also has to deal with nearly 40 US states that have joined a probe of the firm's handling of the data breach, Congress is also probing the hack, and Equifax will have to gear up for a number of lawsuits to be filed against it.
On Friday, the company announced that its CIO and chief security officer had ‘retired'.
14nm Cavium ThunderX2 CPUs deployed in HPE Apollo 70 supercomputer for US National Nuclear Security Administration
MWR's Countercept platform and phishd technologies key to F-Secure acquisition
Brexit labour shortages will lead to higher adoption of robotics
Newbies will be thrown in with the big boys on Sanhok as Kar98 fodder