CyberCrimeSecuritySecurity Management

Equifax Denies It Suffered Fresh Cyber Attack

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Nothing to see here. Troubled firm denies it has been attacked again as it removes web page after malware issue

Equifax has found itself at the centre of headlines again after the credit monitoring company was forced to deny it had been the victim of another cyber attack.

It came after Equifax took down a “customer help page” from its website, an action it described as precautionary.

The company is still reeling from a highly damaging data breach that affected approximately 143 million US consumers, as well as nearly 700,000 UK consumers.

data breach, security breaches

No Fresh Attack

This week Equifax has already faced probing questions from House of Commons Treasury Committee.

And on the other side of the pond, it has been hauled up before the US Congress over the matter, where former CEO Richard Smith faced a serious grilling from Senators.

But now to make worse, it discovered on Thursday that one of its third-party vendors had been running malicious code on one its web pages.

Equifax reportedly said it took the affected web page offline “out of an abundance of caution” after an independent security analyst told the website Ars Technica that he had visited Equifax’s website on Wednesday.

The researcher had found that visitors were redirected to download a fraudulent software update for Adobe Flash which if installed, would infect computers with malware.

No Compromise

“Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” spokeswoman Francesca De Girolami was quoted by Reuters as saying in a statement on Thursday.

“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content,” the spokeswoman added.

Equifax also said it has removed the vendor’s code from the web page.

Do you know all about security in 2017? Try our quiz!