Equifax pulls web page over mal­ware


TORONTO — Equifax Inc. says a third-party vendor the credit rat­ing agency uses to col­lect per­for­mance data on its United States web­site was serv­ing ma­li­cious con­tent.

“Since we learned of the is­sue, the vendor’s code was re­moved from the web page and we have taken the web page off­line to con­duct fur­ther anal­y­sis,” an Equifax spokesper­son said in an emailed state­ment on Thurs­day.

“Equifax can con­firm that its sys­tems were not com­pro­mised and that the re­ported is­sue did not af­fect our cus­tomer dis­pute por­tal.”

Ear­lier on Thurs­day, Equifax Canada said its U.S. par­ent com­pany was tem­po­rar­ily tak­ing down one of its cus­tomer ser­vice pages amid re­ports that hack­ers had al­legedly al­tered the com­pany’s credit re­port as­sis­tance page so that it would send users ma­li­cious soft­ware.

“We are aware of the sit­u­a­tion iden­ti­fied on the equifax.com web­site in the credit re­port as­sis­tance link,” Equifax Canada spokesman Tom Car­roll said.

“Our IT and se­cu­rity teams are look­ing into this mat­ter and out of an abun­dance of cau­tion have tem­po­rar­ily taken this page off­line.”

Car­roll did not an­swer ques­tions about any po­ten­tial breach to Equifax Canada’s web­site.

The news comes as Equifax Inc. con­tin­ues to deal with the af­ter­math of a cy­ber breach ear­lier this year, which al­lowed the per­sonal in­for­ma­tion of 145.5 mil­lion Amer­i­cans and 8,000 Cana­di­ans to be ac­cessed or stolen.

The com­pany is fac­ing in­ves­ti­ga­tions in Canada and the U.S. and at least two pro­posed class ac­tions filed in Canada.

The mas­sive data breach has also led to a num­ber of high-pro­file de­par­tures at the At­lanta-based agency.

For the 8,000 Cana­dian con­sumers, Equifax said the in­for­ma­tion that may have been ac­cessed in­cludes name, ad­dress, so­cial in­sur­ance num­ber and, in “lim­ited cases,” credit card num­bers.

On its web­site, Equifax’s Cana­dian di­vi­sion said it has not yet mailed out any no­tices and made clear it would not be mak­ing any un­so­licited calls or emails about the is­sue.

In Septem­ber, Equifax re­ported that its in­ves­ti­ga­tion had shown that hack­ers had unau­tho­rized ac­cess to its files from May 13 to July 30. Equifax Canada said at the time it was work­ing closely with its par­ent com­pany and an un­named in­de­pen­dent cybersecurity firm.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.