Security firm Mandiant said to be helping Equifax in hack aftermath

Equifax earlier on Thursday revealed a massive data breach affecting 143 million consumers.

Security firm Mandiant is said to be carrying out incident response in the wake of the Equifax hack, ZDNet has learned.

The security firm, bought by FireEye in 2014, is understood to be working with the credit giant after the hack, which affected as many as 143 million consumers in the US, the UK, and Canada.

Mandiant is known for helping companies respond in the immediate aftermath of a cyberattack, by securing networks and preventing further data loss.

When reached, a spokesperson for FireEye would neither confirm nor deny the firm's involvement, and declined to comment.

Equifax revealed Thursday that hackers had broken into its systems between May and July by exploiting a vulnerability in a web-facing application. Hackers took off with names, social security numbers, birth dates, home addresses, and in some cases, driving license information, credit card numbers, and other personal information.

The credit firm discovered the breach on July 29.

Several records seen by ZDNet purport to show that a domain name was registered to a Mandiant employee working in incident response just two days before Thursday's announcement.

The domain -- which we are not naming or linking to as the registration data identifies the employee and what appears to be their personal information -- appears to be an attempt to prevent cybersquatters from registering the domain related to Equifax's efforts to respond to the hack.

It's not known for what reason the domain was registered, or if it was registered by the employee in an official capacity as a Mandiant employee. We reached out to the employee by text message but did not hear back.

So far, Equifax has been criticized for its overall incident response.

Several security researchers on Twitter have said that it took six weeks until the matter was made public. Bloomberg also reported that several senior executives sold stock days after the breach, though a company spokesperson told Gizmodo that the staff had "no knowledge" of the intrusion. Also, reports on Twitter show that the site used to verify if consumers are affected has been plagued with security certificate issues and has been flagged as a phishing site by OpenDNS, a popular domain name service provider.

The breach is the largest reported so far this year.

Equifax did not respond to a request for comment.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.