The Atlanta Journal-Constitution
Equifax apologizes for fake website link
Software engineer redirected customers who sought free credit monitoring after data breach.
Equifax has apologized for linking people seeking information on a massive security breach to a fake online site.
After the breach, in which Social Security numbers and other key identifying information for 143 million Americans were compromised, Equifax set up a site, equifaxsecurity2017.com. It directed people to information on the hacking incident and links to sign up for free credit monitoring and other protections the company is offering.
But in several tweets in recent days, a company employee directed people to a fake link that flipped the name of Equifax’s link and sent people to a similar-appearing site.
Rather than being a phishing site that could have reaped unsuspecting folks’ personal data yet again, it was set up by Nick Sweeting, a software engineer, according to news reports.
People who clicked on the link got this headline :” Cy ber security Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”
Sweeting told The New York Times that his site received more than 200,000 hits before he took it down Wednesday evening.
Equifax apologized for the mistake. “All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equi fax security 2017. com. We apologize for the confusion,” the company said in a statement.
The company also warned people to watch for fake websites and emails targeting Equifax customers and people responding to the hacking incident.
“These scams, designed to capture personal information (known as “phishing”) are designed to appear as if they are from Equifax and the emails may link to websites purporting to be operated by Equifax,” the company said in a statement.