In another blow for hacked consumer credit reporting agency Equifax Inc., the U.S. Department of Justice has opened a criminal investigation into $1.8 million in stock sales made by three Equifax executives in the days prior to the public disclosure of its hack.

The investigation is being run by prosecutors in Atlanta, Georgia, in conjunction with the Securities and Exchange Commission. According to reports, they’re looking into stock sales by Equifax’s chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder.

News that executives at the company had sold stock prior to the public disclosure of the hacking but after Equifax was aware of it first appeared when the hack first made headlines earlier this month. At the time, Equifax denied that the trades constituted insider trading, saying that the sale of stocks was an unfortunate coincidence and that the executives “had no knowledge that an intrusion had occurred at the time.”

The Department of Justice is not alone in investigating the Equifax hack and the dubious trading of its executives. The Federal Bureau of Investigation also said late last week that it was “tracking” the issue. In addition, the Senate Finance Committee is calling for further information and the Federal Trade Commission is also investigating the hack.

In a case of things going from bad to worse, Equifax also revealed Monday that the hack at the center of the current drama wasn’t the first time it had been compromised. It admitted, albeit extraordinarily late, that it had also suffered a different, unrelated hack in March. Bloomberg reported that Equifax hired security firm Mediant Inc. after the first hack to investigate the matter, suggesting that it took the (now) first data breach seriously but apparently not seriously enough to prevent the second, now highly publicized hacking.

“The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29,” Equifax said in a statement. “Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related. The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event.”

Equifax went on to describe the first hack in March as “a security incident involving a payroll-related service” that did not affect customer information.

Image: Maxpixel