The Wall Street Journal reported that CIT said in a recent regulatory filing that it has been hit with “several security breaches” since January 2009 that led to the release of customer information.

According to the WSJ, CIT said its Form 10-Q filed with the Securities and Exchange Commission that the breaches involved third-party service providers, which released customer information to “another financial institution or educational institution,” and that in both of those instances, the suspects were identified, the data in question was recovered and neither CIT nor the customers were damaged by the breaches, citing the filing.

The SEC issued new guidelines in October outlining situations in which companies should disclose details of risks from data breaches, the article noted.

To read the full WSJ article click here.