Equifax Acquired This Identity Protection Firm Before Disclosing the Hacker Breach

Already under siege from dozens of regulatory probes and lawsuits, Equifax is now facing questions on a new front. The credit reporting company that lost the personal financial information of 143 million Americans to hackers purchased an identification protection service called ID Watchdog on Aug. 10, two weeks after Equifax discovered the data breach but a month before disclosing it publicly.

Denver-based ID Watchdog, founded in 2005, provides services like credit monitoring and identity theft notification for $15 to $20 per month. Equifax last month said it acquired the firm for $63 million without revealing at that time that its systems had been penetrated thus drastically enhancing the market for identity protection services.

Equifax efx had no immediate comment on Monday. Shares of Equifax, which lost more than one-third of their value in the wake of the hacker attack disclosure, were up 1% to $106.46 in morning trading.

Equifax drew widespread criticism, lawsuits, and legal probes after it disclosed the massive data breach, which could be among the most damaging in history. Equifax has offered victims free credit monitoring, a deal that might have more costly to the company had it not acquired the ID Watchdog service. The massive data hack also likely bolsters demand for ID Watchdog’s services.

Get Data Sheet, Fortune’s technology newsletter.

ID Watchdog sold service directly to the public but also offered coverage via large companies that wanted to give employees the service as a workplace benefit. The new firm was to merge its offerings with Equifax’s existing services, Equifax said when it announced the acquisition. “We are excited to have ID Watchdog’s industry leading products become an important part of our organization,” said Dann Adams, president of Global Consumer Solutions at Equifax, said in a statement. “Merging our identity solutions and industry relationships will significantly increase the access, range, and depth of our employee benefits solutions.”

Law enforcement officials in about 40 states are investigating Equifax’s behavior before and after the data breach. Three executives sold their Equifax shares in the days after it discovered the data breach, but the company said the executives, including the chief financial officer, didn’t know about the hack. And more than two dozen lawsuits have been filed by consumers.

Equifax revealed on Sept. 7 that criminals exploited an application vulnerability on its website to gain access to files that included names, Social Security numbers and driver’s license numbers of more than half of the U.S. adult population. Hackers also grabbed credit card numbers of about 209,000 consumers and dispute documents with more in-depth personal identifying information of another 182,000 people.