Security firm Mandiant said to be helping Equifax in hack aftermath

Equifax earlier on Thursday revealed a massive data breach of 143 million consumers.
Written by Zack Whittaker, Contributor

Video: Cyberwar and the Future of Cybersecurity

Security firm Mandiant is said to be carrying out incident response in the wake of the Equifax hack, ZDNet has learned.

The security firm, bought by FireEye in 2014, is understood to be working with the credit giant after the hack, which affected as many as 143 million consumers in the US, the UK, and Canada.

CNET: Find out if you were one of 143 million hacked

Mandiant is known for helping companies respond in the immediate aftermath of a cyberattack, by securing networks and preventing further data loss.

When reached, a spokesperson for FireEye would neither confirm nor deny, and declined to comment.

Equifax revealed Thursday that hackers had broken into its systems between May and July by exploiting a vulnerability in a web-facing application. Hackers took off with names, social security numbers, birth dates, home addresses, and in some cases, driving license information -- and in some cases, credit card numbers and other personal information.

The credit firm discovered the breach on July 29.

Several records seen by ZDNet purport to show a domain name registered to a Mandiant employee working in incident response registered just two days before Thursday's announcement.

The domain -- which we are not naming or linking to as the registration data identifies the employee and what appears to be their personal information -- appears to be an attempt to prevent cybersquatters registering the domain related to Equifax's efforts to respond to the hack.

It's not known for what reason the domain was registered, or if it was registered by the employee in an official capacity as a Mandiant employee. We reached out to the employee by text message but did not hear back.

So far, Equifax has been criticized for its overall incident response.

Several security researchers on Twitter have said that the delay took six weeks until the matter was made public. Bloomberg also reported that several senior executives sold stock days after the breach, though a company spokesperson told Gizmodo that the staff had "no knowledge" of the intrusion. Also, reports on Twitter show that the site used to verify if consumers are affected has been plagued with security certificate issues and has been flagged as a phishing site by OpenDNS, a popular domain name service provider.

The breach is the largest reported so far this year.

Equifax did not respond to a request for comment.

These were 2017's biggest hacks, leaks, and data breaches

Editorial standards