Equifax is dealing with yet another security issue


Equifax has taken down a webpage after a visitor reported being targeted with malicious advertising.

Security analyst Randy Abrams first discovered the malicious pop-up message when he visited the Equifax website to confirm personal data, he told CNN Tech. What he found instead was yet another security issue for the credit agency.

A malicious pop-up asked Abrams to download something claiming to be Adobe Flash. But as Ars Technica initially reported, security companies consider the file adware.

Equifax says its systems were not compromised and the issue did not affect the consumer online dispute portal.

“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content,” a spokesperson said in a statement. “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”

It’s the latest security issue for the credit agency after hackers stole data on more than 145 million people through an unpatched hole in the company’s software. Equifax announced the massive security breach last month. Federal and state agencies are now probing the hack.

The adware appeared on a part of the Equifax website where people can learn how to get a free or discounted credit report. As of Thursday afternoon, that website is no longer available.

“The website is currently down for maintenance,” a note on the page says. “We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.”

Abrams said he was able to duplicate the pop-up four or five times.

Experts initially suggested the security issue may be a result of a third-party analytics or advertising company used by Equifax displaying the adware. Many websites use analytics companies to track people who visit their sites.

Consumers should never click on pop-ups that unexpectedly ask you to download software. This type of adware could hijack your browser, serve up fraudulent search results, and lead to more pop-up ads.