Equifax vendor dogged by ‘malicious content’
TORONTO — Equifax Inc. is reporting that a third-party vendor the credit-rating agency uses to collect performance data on its U.S. Equifax website was serving malicious content.
“Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis,” an Equifax spokesperson said in an emailed statement Thursday.
“Equifax can confirm that its systems were not compromised and that the reported issue did not affect our customer-dispute portal.”
Earlier Thursday, Equifax Canada said its U.S. parent company was temporarily taking down one of its customer-service pages amid reports that hackers had altered Equifax’s credit report assistance page so that it would send users malicious software disguised as Adobe Flash.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax Canada spokesman Tom Carroll said in an emailed statement. “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”
Carroll did not respond to direct questions about any potential breach to Equifax Canada’s website.
The news comes as Equifax Inc. continues to deal with the aftermath of a cyber breach this year that allowed the personal information of 145.5 million Americans, and 8,000 Canadians, to be accessed or stolen.
Equifax is facing investigations in Canada and the U.S., as well as at least two proposed class actions filed in Canada.