"We are aware of the situation identified on the equifax.com website in the credit report assistance link", the spokesperson said. According to Ars Technica, the now-deactivated section of Equifax's website redirected Abrams to the domain hxxp//:centerbluray.info, which tried to dupe him into downloading a fake, malware-ridden Flash update.
The company said it has removed the vendor's code from the web page, which was taken offline so the company can conduct further analysis.
Equifax has taken down a customer help web page amid reports of another attack on the credit reporting giant.
Credit reporting agency Equifax (EFX) investigated another possible cyber event on Thursday, concluding late in the afternoon that its systems had not been compromised.
Carroll did not respond to direct questions about any potential breach to Equifax Canada's website.
Posted just over a month after the company acknowledged that a massive cybersecurity breach exposed the personal information of more than 145 million Americans, the error message understandably raised some eyebrows.
Somehow, the worst credit-card-data breach in USA history just got worse. The problem was identified by independent security analyst Randy Abrams, who said those download links - when clicked - would infect one's computer with adware.
For these Canadian consumers, Equifax says the information that may have been accessed includes name, address, social insurance number and, in "limited cases" credit card numbers.
The cyberattack occurred through a vulnerability in an open-source application framework it uses called Apache Struts.
Equifax's security protocols have been under scrutiny since 7 September when the company disclosed its systems had been breached.