A Wall Street Journal report says that hackers broker into Equifax's computer systems in March, giving them months to probe vulnerabilities and eventually gain access to the data of 143 million Americans.
The Journal cited a report from security firm FireEye that was sent to some Equifax customers this week.
The breach on March 10 came two days after security researchers at Cisco Systems warned of a flaw in an open-source software package called Apache Struts. One expert said the hackers probably found the Equifax server by "spamming" the internet for vulnerabilities.
Equifax has previously said the attack on its systems began in May.
Equifax did not immediately respond to requests for comment on the report. A spokeswoman for FireEye, a subsidiary of security firm Mandiant, declined to comment.