Equifax says web­site wasn’t hacked

The Denver Post - - BUSINESS - ByKen Sweet

WASH­ING­TON» Equifax said Thurs­day that problems with an on­line cus­tomer help page were caused by a vendor’s soft­ware code and not by a cy­ber­at­tack on its sys­tems.

The com­pany ear­lier said it had dis­abled its credit re­port as­sis­tance page af­ter re­ports that an­other part of its web­site had been hacked.

Equifax Inc. is deal­ing with the af­ter­math of hack­ers break­ing into its sys­tem ear­lier this year that ex­posed the per­sonal in­for­ma­tion of 145.5 mil­lion Amer­i­cans. The com­pany is un­der mul­ti­ple state and fed­eral in­ves­ti­ga­tions and has been sued by nu­mer­ous cus­tomers in lit­i­ga­tion likely to evolve into class-ac­tion law­suits.

The tech­nol­ogy news site Ars Tech­nica ini­tially re­ported that hack­ers had al­tered Equifax’s credit re­port as­sis­tance page that would send users ma­li­cious soft­ware pre­tend­ing to be Adobe Flash.

But At­lanta-based Equifax is­sued a state­ment later Thurs­day blam­ing a third-party vendor it uses to col­lect web­site per­for­mance data. The “vendor’s code run­ning on an Equifax web­site was serv­ing ma­li­cious con­tent,” it said.

Equifax said the code was re­moved from the cus­tomer help page that it had taken the web­page off­line for fur­ther anal­y­sis.

The orig­i­nal breach hap­pened af­ter Equifax did not up­date a piece of soft­ware known as Apache Struts af­ter a vul­ner­a­bil­ity was iden­ti­fied ear­lier this year. Hack­ers were able to ac­cess Equifax’s core sys­tems through most of the sum­mer. It wasn’t un­til early Au­gust that Equifax ex­ec­u­tives were made aware of the breach, and it took un­til Septem­ber for Equifax to tell the pub­lic.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.