Equifax takes webpage offline after third-party malware found

13 Oct 2017

Adware was running on an Equifax customer help page. Image: Micholas/Shutterstock

When it rains, it pours for Equifax.

Interim CEO of Equifax Paulino do Rego Barros Jr recently wrote a letter of apology in The Wall Street Journal admitting that the credit reporting company wasn’t able to meet the expectations of customers.

“On behalf of Equifax, I want to express my sincere and total apology to every consumer affected by our recent data breach. People across the country and around the world, including our friends and family members, put their trust in our company. We didn’t live up to expectations.”

The flaw in Equifax’s server that caused the breach affecting millions of customers around the globe had been known about prior to the incident and went unpatched for far too long. The company was unprepared for the volume of calls and correspondence from disgruntled customers.

Extending an olive branch, Equifax will now launch a free service for American customers to lock and unlock their credit at any time, and the window for a free credit freeze has been extended until the end of January 2018.

Third-party adware

Unfortunately, the trouble just keeps coming for Equifax, with this latest incident occurring because of a third-party provider.

According to CNBC, shares in the company dropped on 12 October after it disabled a customer online help page. Many quickly concluded that Equifax had been the target of another data breach, but this wasn’t the case.

A spokesperson for the company told CNBC that the problem was with its credit report assistance link on its website, and its systems were not compromised in any way. They continued: “The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content.

“Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”

The malicious link comes in the form of a fake Flash installer window that tricks people into downloading adware onto their machines, which then floods their browser with advertisements.

An independent security analyst, Randy Abrams, noticed the issue late on 11 October when he was trying to check his credit report.

According to Paul Ducklin of Sophos, the affected page on the Equifax site has been taken down for “maintenance”, with no mention of the reasoning behind its removal.

This news comes after Equifax admitted that 694,000 UK customers had their data stolen between May and July 2017, with the original figure thought to be closer to 400,000.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects.
