Equifax takes down web page amid new breach concern

Equifax takes down web page amid new breach concern
© Getty

Equifax has taken a customer help page on its website offline as its security team investigates another cybersecurity incident. 

Ars Techica reported that an independent security analyst had discovered Wednesday that hackers had manipulated part of the credit-reporting giant's website to push out malicious, fraudulent Adobe Flash updates to visitors.

Equifax initially confirmed that it had temporarily taken the credit report assistance link on its website offline "out of an abundance of caution" as its IT and security teams looked into the matter. Later, a spokesman clarified that the issue involved a third-party vendor whose code was running on an Equifax website and serving malicious content, and that Equifax's own systems were not compromised. 

ADVERTISEMENT
"Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal," Equifax said. 

“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content," the company said. "Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis."

The incident comes just over a month after Equifax disclosed a massive data breach in which hackers stole the personal information of more than 145 million U.S. consumers.

The company has come under massive pressure since revealing on Sept. 7 that hackers breached its systems in May to gain access to Social Security numbers, birth dates and other personal information on millions of Americans. 

Several top Equifax executives, including its CEO, have resigned from their positions amid backlash. The firm has also been scrutinized over revelations that three senior executives sold stock in the company between the time when the suspicious activity was initially discovered and when the breach was publicly revealed.

The breach has triggered investigations by the Federal Trade Commission and the FBI, and has also reportedly prompted a criminal probe by the Justice Department. 

Richard Smith, the company’s former CEO, was hauled before multiple congressional committees last week to answer to lawmakers about the circumstances surrounding the breach and the company’s response.

This post was updated at 4:30 p.m. to reflect an updated statement from Equifax.