MoneyWatch Tech

Equifax takes down web page, but denies new hack

/ CBS/AP

Equifax CEO retires after massive data breach

NEW YORK - Equifax (EFX) has taken down one of its web pages after reports that another part of its web site had been hacked as well.

The news comes as Equifax continues to deal with the aftermath of hackers breaking into its system earlier this year which allowed the personal information of 145.5 million Americans to be accessed or stolen.

Hackers reportedly altered Equifax's credit report assistance page that would send users malicious software pretending to be Adobe Flash.

Although it took the affected page offline just to be cautious, Equifax said Thursday afternoon that its systems were not compromised and that the problem did not affect the portal the company has set up for consumer disputes stemming from the earlier breach.

"The  issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor's code running on an Equifax website was serving malicious content," an Equifax spokesperson told CBS MoneyWatch. 

The credit bureau has removed the code from its web site and is conducting further analysis. 

A slew of federal agencies and state prosecutors are investigating Equifax. The company's former CEO, who left the company in the aftermath of the data breach, admitted to lawmakers earlier this month that a combination of human and technology failures enabled the cyberattack. 

Legal startup helping Equifax hack victims sue credit reporting agency

"This new announcement from Equifax is just Reason No. 10,000 why consumers should assume their personal information is already out there and act accordingly," said Matt Schulz, CreditCards.com's senior industry analyst. "It's a scary thing to wrap your brain around, but the truth is that you're better off assuming the worst and taking steps to protect yourself."

After its systems were penetrated, Equifax pointed to a flawed web server gateway called Apache Struts CVE-2017-5638

Jeff Williams, co-founder of Contrast Security, linked the latest hack to third-party software used by Equifax called Fireclick. "Basically, a very similar problem with two quite different pieces of code," he said.

"Anyone using the Fireclick library may have been affected, and the attackers may not even know that they compromised Equifax," Williams added.

Equifax shares sank 1.3 percent in afternoon trading to $109.95.

First published on October 12, 2017 / 2:33 PM EDT

© 2017 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.