Equifax says it's looking into another possible hack
(Justin Lane/European Pressphoto Agency-EFE)
Equifax has taken one of its Web pages offline following a report that an independent security researcher encountered malicious links during multiple visits to the company's website.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax spokesman Wyatt Jefferies said in a statement. “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
On Thursday, Ars Technica reported that security analyst Randy Abrams was prompted to download fraudulent Adobe Flash updates when he visited the Equifax website to contest his credit report. Abrams determined that when those updates were clicked, adware would infect a visitor's computer. Abrams also encountered those links during at least three subsequent visits, according to Ars Technica.
[Congressman to former Equifax CEO: 'Your industry treats them like dirt']
The Web page in question currently displays an error message that tells visitors “the website is currently down for maintenance.” Previously, people could access the page under the “Credit Report Assistance” heading.
The possibility of another malicious hack at Equifax comes just a week after the company's former chief executive, Richard Smith, was grilled by angry lawmakers over a massive data breach that may have compromised the sensitive information of as many as 145 million people. Equifax first disclosed that breach in September. But lawmakers and several federal agencies, including the FBI and the Federal Trade Commission, are investigating the company's response to the breach, why it took Equifax more than a month to notify the public and whether executives engaged in insider trading.
Equifax and the Internal Revenue Service also are facing pressure from lawmakers over a $7.2 million contract that Equifax was awarded, after the breach was made public, for the company to verify taxpayer identities and help prevent fraud.