As it faces an increasing number of lawsuits over the data breach that impacted 143 million consumers, it seems the problems are mounting for Equifax. It’s now been revealed that the same cybercriminals who breached the credit reporting firm may have also broke into its systems months earlier.

According to Bloomberg, which cites “three people familiar with the situation,” this other breach took place in March. The previously known hack happened in May, and Equifax learned about it in late July. The sources allege that both hacks involved the same intruders, but the company claims they are unrelated.

It’s not clear if the hackers accessed any personal consumer data in the March incident. If this were the case, disclosure laws would have required Equifax to disclose the breach. The company told Bloomberg it complied with all consumer requirements related to the earlier incident, and reportedly informed "a small number of outsiders and banking customers."

"The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event," Equifax said in a statement.

Equifax hired security firm Mandiant to conduct forensic reviews of both incidents. Bloomberg claims the vulnerability in open-source server framework software Apache Struts, which the hackers exploited in the second breach, was known in March but not patched until after the later incident.

In related news, the fact that three senior Equifax executives sold their stock before the company publicly disclosed the second incident has resulted in the US Justice Department opening a criminal investigation.

Investigators want to know if Equifax’s chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder, knew about the breach before they sold $1.8 million in stock. While the transactions weren’t part of pre-scheduled trading plans, Equifax insists the execs “had no knowledge that an intrusion had occurred at the time.”