Equifax says it had a security breach earlier in the year

NEW YORK — Equifax, under pressure from a massive data breach, says it had a separate incident earlier this year. That could mean even more scrutiny as the company deals with the aftermath of a security failure that exposed the information of 143 million Americans.


Meanwhile, the Massachusetts Attorney General has filed suit against Equifax. And Equifax says about 100,000 Canadian consumers may have had their personal information compromised.

Equifax says it had a security breach earlier this year that involved a different part of the company than the one accessed in the larger hack. The breach involved TALX, which is Equifax’s human resources and payroll service. The company said there’s no evidence that the TALX breach, which happened between March and April this year, and the wider breach are related.

Massachusetts Attorney General Maura Healey sued Equifax on Tuesday, making it the first state to take direct legal action against the company following the breach. Its lawyers say that Equifax’s negligence exposed more than half the state’s adult population to the breach, and that the company was negligent in dealing with security threats.

Healey is seeking unspecified civil penalties, restitution and damages for the impacted residents.

New York Attorney General Eric Schneiderman is questioning two other credit-monitoring companies, TransUnion and Experian, about what precautions they have taken to protect sensitive consumer information. In letters to company executives, the Democratic attorney general asked them to describe their existing security systems, as well as what changes they’ve made since the Equifax hack.

The breach, he wrote, “has raised serious concerns about the security of private consumer information held by the nation’s largest consumer credit reporting agencies.”