Credit reporting company Equifax on Monday acknowledged that it faced a security issue earlier this year that's separate from the breach that has dominated headlines for the past several days.
Bloomberg first reported on the news.
Equifax brought in FireEye-owned Mandiant to help investigate the first event, which came to light in March, and did the same thing after it discovered the hack on July 29, Bloomberg reported.
"Earlier this year, during the 2016 tax season, Equifax experienced a security incident involving a payroll-related service," an Equifax spokeswoman told CNBC in an email. "The incident was reported to customers, affected individuals and regulators. This incident was also covered in the media. The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29."
Bloomberg said the two attacks "involve the same intruders," citing an unnamed source, but the Equifax spokeswoman wrote that Mandiant has not come across evidence that would indicate the two hacks are related.
"The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event," the spokeswoman wrote.
Earlier on Monday, New York Gov. Andrew Cuomo pushed for regulation that would require credit reporting agencies to follow the state's cybersecurity rules and potentially give the state the power to stop the companies from doing business with New York companies and consumers. Meanwhile, on Monday short-seller Carson Block told CNBC that he's suing Equifax, as his data might have been compromised.
On Sept. 15 Equifax announced the retirement of two executives.