Equifax compromised yet again as its website directs visitors to install malware

Equifax compromised yet again as its website directs visitors to install malware

On Thursday, Ars Technica reported that security analyst Randy Abrams was prompted to download fraudulent Adobe Flash updates when he visited the Equifax website to contest his credit report.

The latest hack comes more than a month after the Atlanta-based company announced a massive data breach that has affected as many as 145.5 million people. "Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal".

In a follow-up statement shared with KrebsOnSecurity this afternoon, however, Equifax said the problem stemmed from a "third-party vendor that Equifax uses to collect website performance data", and that "the vendor's code running on an Equifax Web site was serving malicious content". Multiple federal and state agencies have started investigating the matter since this information was unveiled.

"We are aware of the situation identified on the website in the credit report assistance link", spokesman Wyatt Jefferies wrote.

What personal information was stolen in the hack?


More news: Alexa Can Distinguish Your Voice to Get Personalized for You
More news: Ezekiel Elliott's 6-Game Suspension Back On ... For Now
More news: Turkey tries different measures to free Crimean Tatars jailed by Russia - Erdogan

For these Canadian consumers, Equifax says the information that may have been accessed includes name, address, social insurance number and, in "limited cases" credit card numbers.

Somehow, the worst credit-card-data breach in USA history just got worse.

After the first breach was disclosed in September, several actions were taken.

Money expert Clark Howard says rather than waiting on Equifax to get itself together, consumers should be proactive and do what they can to protect themselves from identity fraud.