Equifax compromised yet again as its website directs visitors to install malware

Equifax said it took the site offline after suspicious activity was detected.

Equifax has taken a customer help page offline after concerns the company might have been breached again, the company reported Thursday.

Hackers reportedly altered Equifax's credit report assistance page that would send users malicious software pretending to be Adobe Flash.

Several hours after Goodin's piece went live, Equifax disabled the page in question, saying it was doing so out of "an abundance of caution" while it investigated the claims.

The issue was first publicly identified by an independent security analyst. Ars Technica said that Abrams, vetting his initial suspicions, told the news site "he encountered the bogus Flash download links on at least three subsequent visits".

Equifax responded to the breach with "supreme arrogance", but it seems the company failed to learn anything from its security failings. Federal and state agencies are now probing the hack. "The website is now down for maintenance". As of Thursday afternoon, that website is no longer available. "We appreciate your patience during this time and ask that you check back with us soon".

"Equifax was a portal and probably not directly hacked or compromised", he said.

"The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor's code running on an Equifax website was serving malicious content".

Its spokespeople did not answer questions about when the company learned of the problem or how many website visitors clicked the link. McHenry said he wanted to stop credit reporting companies from relying on the numbers, which he called "the most sensitive of Americans' personal information".

Vanessa Coleman

Comments