Sounds like this breach that started out from 2011 through 2016 is huge, and could be the largest to date. Equifax Inc said on Thursday it has taken one of its customer help web pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of 145.5 million people.
The move came after an independent security analyston Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported. We are aware of the situation identified on the equifax.com website in the credit report assistance link, Equifax spokesman Wyatt Jefferies said in an email. Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. Credit reporting agency Equifax Inc said earlier on Tuesday that 15.2 million client records in Britain were compromised in the massive cyber-attack it disclosed last month, including sensitive information affecting nearly 700,000 consumers. Equifax said earlier this month that it had determined some 8,000 Canadian consumers were also impacted by the breach, much less than the 100,000 it had previously warned were at risk. Equifax has even announced the company planned to mail notifications to those affected with information about free credit monitoring and identity theft protection services.
The company was alerted in March that a software security vulnerability existed in one or more of its systems, but it failed to fix the problem because of both human error and technology failures, former CEO Richard Smith told a U.S. congressional committee. The U.S.-based company said around 14.5 million of the records breached, mostly in the United States, had their information, including Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers, stolen. Equifax said it would notify the 693,665 affected UK consumers by post and offer them several its own and third party risk mitigation products for free to help minimize the risk of possible criminal activity. Equifax has faced seething criticism from consumers, regulators and lawmakers over its handling of the breach, which happened between mid-May and late July and was disclosed on Sept. 7. Since then, the company has parted ways with its chief executive officer, chief information officer and chief security officer as reported by Reuters. Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act, Patricio Remon, Equifax’s president for Europe. Let me take this opportunity to emphasize that protecting the data of our consumers and clients is always our top priority. As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.
The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice. While, the problem still remains, once your data is out it can be used even after a decade, and with the numbers globally, the breach may be the largest to date, and resorting to a one to one contact to pass on risk mitigation solutions for free to help minimize the risk of possible criminal activity is ridiculous as a new solution in technology today is old news tomorrow, the only logical solution is an open-source solution, that is sustainably maintained and updated, whether through buying the third party company in charge of the current solution suggested or pay latter the full fee of delayed actions.