NEW YORK (Reuters) - Equifax Inc said on Thursday it has taken one of its customer help website pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of more than 145 million people.
The move came after an independent security analyst on Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax spokesman Wyatt Jefferies said in an email. “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”
The Atlanta-based company, which has faced seething criticism from consumers, regulators and lawmakers over its handling of the earlier breach, said it would provide more information as it becomes available.
As of 1:15 p.m. (1715 GMT), the web page in question said: “We’re sorry… The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.”
Equifax shares were down 1.2 percent at $109.18 in early afternoon trading.
Randy Abrams, the independent analyst who noticed the possible hack, said he was attempting to check some information in his credit report late on Wednesday when one of the bogus pop-up ads appeared on Equifax’s website.
His first reaction was disbelief, he said in an interview with Reuters on Thursday. “You’ve got to be kidding me,” he recalled thinking. Then he successfully replicated the problem at least five times, making a video that he posted to YouTube.
Equifax’s security protocols have been under scrutiny since Sept. 7 when the company disclosed its systems had been breached between mid-May and late July.
The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice, and it has led to the departure of the company’s chief executive officer, chief information officer and chief security officer.
As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.
Like many here I don’t like government regulation a meddling with private business, but Equifax must be held criminally responsible for the leaking of so much Personal Identifiable Information. If a smaller company had a fraction of this type of information and failed to safeguard it, there no doubt would be criminal charges. I think the entire credit rating system is an scam to begin with, but putting my belief aside for a moment… I don’t think anyone can argue that a company which just can’t seem to grasp the basics of information security should be rating the credit worthiness of anyone.
Consumer protection is not “meddling”. Government regulation is a necessary tool because men are not angels. Much like the founders said about the necessity of a constitution and bill of rights.
Consumers didn’t prop up credit rating agencies. The government did that. I believe that consumers are quite capable of protecting themselves if given the opportunity to do so. Receiving a credit rating should be something that people opt-in to and willfully provide there information. Instead, government regulations have forced the consumer into this relationship with credit rating agencies and lenders. The government created this problem. The government never solves problems.
No, consumers are busy working. Federal regulations protect citizens from human greed. That’s why they exist and you may speak out against them all you wish but we both know that you appreciate the benefits thereof.
The government NEVER solves problems??? Such hyperbole does nothing to debate.
The government isn’t in the business of solving problems because problems are what keep the government in business. The more problems they create, the more opportunities they have to control us.
Lol, ok. So you’re an anarchist. I’ve known several.
It looks like Transunion is about to catch it in the ass too. Here’s to hoping for a full Fight Club ending.
Now we know why the IRS just gave Equifax a NO BID CONTRACT to perform…SECURITY!
That was true earlier today, but I guess someone at the IRS actually ended up making the right call. Although, they should have suspended the contract after the initial shitshow of a breach.
The IRS has temporarily suspended the $7.2 million contract it recently awarded Equifax to help verify taxpayer identity and validation for the government agency, the IRS said Thursday.
Equifax has been under intense scrutiny since disclosing last month it suffered a massive hack that may have exposed personal information for roughly half the US population. The move was announced amid reports the credit-reporting bureau had been attacked yet again, this time serving up malicious software to those who visited the company’s website.
The IRS plans to review the security of Equifax’s systems during the suspension, an agency spokesman told Politico. The move means millions of Americans won’t be able to establish new accounts to access their online records.
“The IRS emphasized that there is still no indication of any compromise of the limited IRS data shared under the contract,” agency spokesman Matthew Leas said in a statement. “The contract suspension is being taken as a precautionary step as the IRS continues its review.”
Equifax revealed last month that hackers made off with a virtual treasure trove of financial data from as many as 145 million people in the US, including names, Social Security numbers, birth dates and addresses of customers. When queried about the contract in light of the hack earlier this month, the IRS told the House Ways and Means committee it was forced to extend its contract with Equifax.
The IRS actually awarded its authentication service contract to another company in July, Jeffrey Tribiano, the agency’s deputy commissioner for operations support told members of Congress.
Equifax protested losing the contract to the US Government Accountability Office on July 7, according to documents. The office will decide on the protest by Oct. 16. Until then, the IRS cannot move onto its new partner.
Representatives for the IRS and Equifax didn’t immediately respond to request for comment.
I find it very strange months BEFORE the first hack they paid over $1,000,000 to start up a security ID protection business and 4 months LATER there happens to be a MAJOR hack and over 145,000,000 were affected , so at $100 a year how much will they earn off that business ???
Why hasn’t the government shut down Equifax as they are clearly inept and unable to run their business effectively.
Equifax needs to go out of business, but its “asset” (people’s private data) already “out there”
I cant wait for the class action lawsuit !!
They have the nerve to only offer 1 year free protection for their blunder but your SS , drivers license and most other info will NEVER change !!! They believe they will gain ALL those millions affected plus million of others in their NEW ID security business at $100 a pop , all of which is very , very fishy !!! How is it you buy an ID business which is suppose it protect your info 5 months before YOU get hacked ??? Someone needs to be arrested !
Trumps president, shrug…
Yes Trump is the President. What does that have anything to do with the abysmal failure of Equifax’s cyber security systems?
It was suggested that they need to go out of business/government shut them down.