Manipulation of web site was via “third-party” says Atlanta-based Equifax


In what at first looked like yet another incident of hacking, Equifax has taken down a web page because of suspicion that it had been manipulated.

The site, one of the embattled company’s customer service offerings, was delivering fraudulent updates for Adobe Flash, which – when clicked – would infect a visitor’s computer with unwanted software, according to a security analyst and the technology web site Ars Technica.

Thursday morning, Equifax officials confirmed that they had taken down the web page and said they were investigating. But late in the day, the company issued a statement asserting that no breach had occurred – although it did not deny that there had been unauthorized activity.

“Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” the company said.

Instead, it involved connections using the Equifax site, Equifax said.

“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content,” said the company statement. 

The company has removed the vendor’s code and the webpage remains offline “to conduct further analysis.”

Hours before the Equifax statement, Ars Technica had reported that independent assessments from researchers that indicated the problem had been coming from “a third-party ad network or analytics provider.”

That did indeed mean that the problem might not actually be on the Equifax website, Ars Technica wrote. “But even if that’s true, the net result is that the Equifax site was arguably compromised in some way, since administrators couldn’t control the pages visitors saw when trying to use key functions.”

More ominously, the site had required some visitors to enter their Social Security numbers.

The Equifax statement did not specifically address that point.

But Equifax is in the public eye, which puts it in the crosshairs for hackers, too, said Paige Schaffer, president of the identity and digital protection unit at Generali Global Assistance. “The amount of public scrutiny that Equifax has recently experienced has likely made them more of a target for hackers trying to take advantage of any vulnerabilities that may still exist.”

The Atlanta-based company first announced a breach on Sept. 7 that it eventually said involved information about 145 million people.

On Tuesday, a report citing unnamed officials said that driver’s license data for 10.9 million Americans had been included in that breach.

After several years of breaches – although none so deep in data as that at Equifax – consumers should assume that much of their personal information is “out there,” said Matt Schulz, senior industry analyst for CreditCards.com.

Yet about 20 percent of adults have never checked their credit, according to the company’s research, he said. “This new announcement from Equifax is just Reason No. 10,000 why consumers should assume their personal information is already out there and act accordingly. It’s a scary thing to wrap your brain around, but the truth is that you’re better off assuming the worst and taking steps to protect yourself.”

Also Thursday, Hyatt Hotels said payment card information had been hacked at a number of locations in spring and early summer. 

Hyatt said 41 properties were affected in 11 countries, including seven in the United States: three in Hawaii, three in Puerto Rico and one in Guam. 

News about the massive Equifax breach made the once-obscure company a household name – and not in a good way.

Two executives sold stock after the breach was discovered – but before it was announced. Not good optics. Richard Smith, the company’s chief executive, abruptly retired. He who was called before Congress anyway to face bipartisan censure.

One of the more strident critics, Sen. Elizabeth Warren (D-Mass.), on Thursday sent a letter and a list of 79 questions to Smith.

Among her requests, were attempts to get more details about the extent of the breach and the company’s response, the failure to protect consumer data, the company’s security strategy and questions about ignoring previous warnings.

“At your hearing, you stated that the hack was the result of both human and technological errors,” wrote Warren, who made her name at Harvard as a critic of the financial system. “You failed to describe in detail how these errors occurred or what safeguards, if any, Equifax had in place to prevent or mitigate such errors.”

* * * * * * * * * * * * * * 

MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.

AJC Business reporter Michael E. Kanell keeps you updated on the latest news about jobs, housing and consumer issues in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories: 

Never miss a minute of what's happening in local business news. Subscribe to myAJC.com. 



Reader Comments ...


Next Up in Business

All-new Chevy SUV, the Blazer, debuts in Atlanta
All-new Chevy SUV, the Blazer, debuts in Atlanta

Chevrolet unveiled the newest vehicle in its lineup, the Blazer, in Atlanta Thursday night, reviving the defunct SUV with a smaller version. Alan Batey, General Motors’ North American president, made the announcement at an event at The Fairmont in Atlanta, showing off a model of the mid-size SUV, which features a slimmer, more athletic front...
UPS, Teamsters reach tentative labor agreement
UPS, Teamsters reach tentative labor agreement

UPS and the Teamsters union have reached a tentative agreement on a new five-year labor deal, which if approved could alleviate the risk of a strike. The settlement in principle of the national master UPS agreement is subject to approval by UPS local unions. Yet to be resolved are supplemental agreements, according to the Teamsters. The final deal...
Wes Moss: How to head into retirement with no mortgage
Wes Moss: How to head into retirement with no mortgage

“Should we pay off our mortgage before we retire?” This is among the most common questions I get from clients and “Money Matters” listeners (tune in from 9-11 a.m. Sundays on WSB radio (News 95.5 and AM 750 WSB). I most recently heard it from a couple who are on their final approach for retirement. Let’s call them Rose...
Chevrolet announces all-new Chevy Blazer in Atlanta
Chevrolet announces all-new Chevy Blazer in Atlanta

Chevrolet unveiled the newest vehicle in its lineup, the Chevy Blazer, in Atlanta Thursday night, reviving the discontinued Trailblazer with a smaller version of the utility vehicle. Alan Batey, General Motors’ North American president, made the announcement at an event at The Fairmont in Atlanta, showing off a model of the mid-sized SUV, which...
Mayor Kasim Reed aides got late term promotions to Hartsfield-Jackson
Mayor Kasim Reed aides got late term promotions to Hartsfield-Jackson

Former Atlanta Mayor Kasim Reed’s administration transferred two employees from City Hall to high-paying positions at Hartsfield-Jackson International Airport in the final days of Reed’s term. Both worked closely with Reed, one as an executive assistant to the mayor and the other as a scheduling coordinator, and both were promoted to the...
More Stories