Equifax was always dirty, it bills the US government for millions, and was repeatedly hacked

Before Equifax changed its name in 1976 — in the midst of a Congressional investigation and a national scandal — it was the Retail Credit Company, founded in Atlanta in 1899.

Retail Credit served as a kind of free market Stasi, sending out spies to covertly and overtly gather data on Americans, encouraging neighbors to snitch on suspected homosexuals, race-mixers, and political dissidents and then ensuring that those people would be blacklisted from credit, insurance, and other key financial services.

But this wasn't the scandal that prompted the company to change its name: rather, it was public outrage that straight, white, Christian dudes were being misclassified as commies, queers and interracial daters. Congress took the firm in hand and forced it to divulge its secret files to the people it spied on, so that these misapprehensions could be corrected.

Congress warmed to Equifax in the years that followed. Today, Equifax — who lost 143 million Americans' Social Security Numbers — generates $20m in billings to the Social Security Administration, Medicare and Medicaid, whom it provides with dossiers on the recipients of government services to help disqualify people it holds in bad odor.

Equifax's apocalyptic loss of 143 million Americans' records wasn't its first breach in 2017: the company suffered another catastrophic breach in March 2017 and covered it up. That means that the execs who sold off their stock and claimed "no knowledge" of a hack had months to learn of these events, not mere weeks.

The new timeline is also likely to focus scrutiny on an earlier sale by Gamble of 14,000 shares on May 23. According to a regulatory filing, which didn't indicate that the sale was part of a scheduled trading plan, the value of that transaction was $1.91 million, more than twice the size of his Aug. 1 disposal of 6,500 shares for $946,374.

If the two hacks are unrelated it could be that different hacking teams had different goals. One clue has emerged that suggests one goal of the attackers was to use Equifax as a way into the computers of major banks, according to a fourth person familiar with the matter.

This person said a large Canadian bank has determined that hackers claiming to sell celebrity profiles from Equifax on the dark web — information that appears to be fraudulent, or recycled from other breaches — did in fact steal the username and password for an application programming interface, or API, linking the bank's back-end servers to Equifax.

According to the person and a Sept. 14 internal memo reviewed by Bloomberg, the gateway linked a test and development site used by the bank's wealth management division to Equifax, allowing the two entities to share information digitally.

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
[Michael Riley, Anita Sharpe and Jordan Robertson/Bloomberg]

The Equifax Way
[Rachel Bunker/Jacobin]

Equifax Lost Social Security Numbers But Still Works for the Social Security Administration
[Michael Rapoport and AnnaMaria Andriotis/Cetus News]