NEW YORK (Reuters) – Equifax Inc stated on Thursday that one in every of its third-party distributors had been working malicious code on one its internet pages, however that the credit score reporting company was not the topic of one other cyber assault and its methods weren’t compromised.
Equifax had stated earlier it took the affected internet web page offline “out of an abundance of warning” following a report by the know-how information web site Ars Technica that the corporate’s web site might have been hacked.
Atlanta-based Equifax disclosed somewhat over a month in the past that cyber criminals had breached its methods between mid-Could and late July and stolen the delicate info of 145.5 million folks.
“Equifax can affirm that its methods weren’t compromised and that the reported subject didn’t have an effect on our shopper on-line dispute portal,” spokeswoman Francesca De Girolami stated in an announcement on Thursday.
“The problem includes a third-party vendor that Equifax makes use of to gather web site efficiency information, and that vendor’s code working on an Equifax web site was serving malicious content material.”
The corporate stated it has eliminated the seller’s code from the online web page, which was taken offline so the corporate can conduct additional evaluation.
Randy Abrams, an impartial safety analyst, stated he observed the problem late on Wednesday when he was making an attempt to verify some info in his credit score report and a bogus pop-up advert appeared on Equifax’s web site.
The pop-ups may trick guests into putting in fraudulent Adobe Flash updates and infect computer systems with malware, he stated in an interview with Reuters on Thursday.
“You have to be kidding me,” he recalled considering when he first noticed the advertisements. Then he efficiently replicated the issue at the very least 5 occasions, making a video that he posted to YouTube. (bit.ly/2z3GTLc)
Equifax’s safety protocols have been below scrutiny since Sept. 7 when the corporate disclosed its methods had been breached. As a credit score reporting company, Equifax retains huge quantities of shopper information for banks and different collectors to make use of to find out the possibilities of their clients’ defaulting.
The breach has prompted investigations by a number of federal and state businesses, together with a prison probe by the U.S. Division of Justice, and it has led to the departure of the corporate’s chief govt officer, chief info officer and chief safety officer.
Equifax shares ended down 1.5 % at $108.81.
Reporting by John McCrank; Modifying by Invoice Rigby