On Wed of this past week, the Equifax website is compromised …. again.
In May, breaching Equifax's website, hackers made off with personal details including social security numbers, ages, addresses and more. This affects over 145.5 million US consumers. Apparently on Wednesday, hackers attacked again. This time, delivering fraudulent Adobe Flash updates. If a visitor clicks on the update, their computer becomes infected with adware. This particular adware escapes detection from most antivirus providers. Actually, only 3 of 65 antivirus detectors were able to pick it up.
Randy Abrams, an independent security analyst, was attempting to check some information he saw on his credit report when one of the bogus pop up ads showed up on the website. In an interview with Reuters on Thursday, he said his first reaction is one of disbelief. “You’ve got to be kidding me,” he recalled thinking. Then he successfully replicated the problem at least five times, making a video that he posted to YouTube.
In an email, Equifax spokesman Wyatt Jeffries said, “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”
As of 1:15 p.m. Thursday, the web page in question said: “We’re sorry... The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.” Previously, people could access the page under the “Credit Report Assistance” heading.
Furthermore, this attack comes just a week after the company’s former chief executive, Richard Smith, stood before angry lawmakers trying to answer first how a massive breach like this could occur. Second, why it took so long to let the public know. Equifax and the IRS are under scrutiny by lawmakers over a $7.2 million contract that was awarded AFTER the breach was made public.
Consequently, best practices for protecting valuable information are more important than ever.
Finally, make sure your business doesn’t have to say “we’re sorry”.