NEW YORK (Reuters) – Equifax Inc stated on Thursday that considered one of its third-party distributors had been working malicious code on one its internet pages, however that the credit score reporting company was not the topic of one other cyber assault and its programs weren’t compromised.
Equifax had stated earlier it took the affected internet web page offline “out of an abundance of warning” following a report by the expertise information web site Ars Technica that the corporate’s web site could have been hacked.
Atlanta-based Equifax disclosed just a little over a month in the past that cyber criminals had breached its programs between mid-Might and late July and stolen the delicate data of 145.5 million individuals.
“Equifax can affirm that its programs weren’t compromised and that the reported situation didn’t have an effect on our shopper on-line dispute portal,” spokeswoman Francesca De Girolami stated in a press release on Thursday.
“The difficulty entails a third-party vendor that Equifax makes use of to gather web site efficiency knowledge, and that vendor’s code working on an Equifax web site was serving malicious content material.”
The corporate stated it has eliminated the seller’s code from the net web page, which was taken offline so the corporate can conduct additional evaluation.
Randy Abrams, an impartial safety analyst, stated he observed the difficulty late on Wednesday when he was trying to verify some data in his credit score report and a bogus pop-up advert appeared on Equifax’s web site.
The pop-ups might trick guests into putting in fraudulent Adobe Flash updates and infect computer systems with malware, he stated in an interview with Reuters on Thursday.
“You have to be kidding me,” he recalled considering when he first noticed the advertisements. Then he efficiently replicated the issue not less than 5 occasions, making a video that he posted to YouTube. (bit.ly/2z3GTLc)
Equifax’s safety protocols have been below scrutiny since Sept. 7 when the corporate disclosed its programs had been breached. As a credit score reporting company, Equifax retains huge quantities of shopper knowledge for banks and different collectors to make use of to find out the probabilities of their prospects’ defaulting.
The breach has prompted investigations by a number of federal and state companies, together with a legal probe by the U.S. Division of Justice, and it has led to the departure of the corporate’s chief govt officer, chief data officer and chief safety officer.
Equifax shares ended down 1.5 % at $108.81.
Reporting by John McCrank; Modifying by Invoice Rigby