It may also bear on the investigation into unusual stock sales by several Equifax executives in the days following the discovery of the May incident. "The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29".
And the Consumer Financial Protection Bureau, the nation's watchdog for financial issues, says it has the authority to investigate the data breach, and fine and sanction Equifax if warranted. The company discovered the hack July 29 and publicly announced it more than a month later on September 14.
Healey said Tuesday the Equifax breach "may be the most brazen failure to protect consumer data" her office has seen.
"Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related".
Mandiant was reportedly engaged to investigate the March breach and could have begun concluding its investigation just before the second breach occurred in May.More news: Confident India start favourites against Australia
More news: DACA's Disappearance Could Spell Trouble for NDSU Students
More news: About 2 million lose power in Florida from Irma, utilities say
Equifax's recent disclosure of the July hack has dominated headlines over the past few weeks due to the value of the customers' data accessed in the attack.
"Equifax's internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation", the company stated.
Other attorneys general from New York, Illinois, Pennsylvania and CT have also launched investigations into the breach.
Attorney General Schneiderman opened an investigation immediately after learning of the Equifax breach. The three executives sold shares worth nearly $1.8 million in early August.
According to Bloomberg, the department is looking at sales by Equifax Chief Financial Officer John Gamble, President of US Information Solutions Joseph Loughran, and President of Workforce Solutions Rodolfo Ploder. However, the vulnerability could have been fixed back in early March when patches became available.