Nearly two weeks after Equifax revealed that data from 143 million people had been compromised, it turns out the company has been sending people to the wrong site to check if their data was compromised, The Verge reports.
After the breach was revealed on Sept. 7, the company -- one of the nation's three biggest credit bureaus -- set up the website equifaxsecurity2017.com for customers to check if they had been affected.
But several tweets dating as far back as Sept. 9n show that the company's customer service team mistakenly sent users to a different site, securityequifax2017.com.
The tweets were taken down, but some had remained posted for over 24 hours, as Twitter users noted.
Luckily, the incorrect domain wasn't a nefarious phishing site, but a site built to make a point. Nick Sweeting registered the domain, which reverses the words "security" and "equifax," to draw attention to the vulnerability of the actual Equifax site. The fact that the security site is on a separate domain, and not on equifax.com, "makes it ridiculously easy for scammers to come in and build clones," he told the outlet.
He told The Verge that data that duped consumers had entered into his page and would not leave it.
The company announced on Sept. 7 that hackers gained access to 143 million American consumers' personal information after exploiting a vulnerability on its website. The theft, which occurred between mid-May and July, included people's names, Social Security numbers, birth dates and other data.
The Federal Trade Commission said last week it wasinto the breach.