Equifax botches customer security response
Credit agency haphazardly shared fake website link.
Earlier this week, beleaguered credit agency Equifax reportedly shared links to a fake phishing website posing as a security page for those affected by the company’s massive data breach, revealed in early September.
CNN Tech reports Equifax’s Twitter account posted incorrect links to a pseudo assistance website on a number of occasions, as recently as Wednesday, in response to customers seeking help and information.
The Equifax security breach, discovered in late July, began in mid-May, exposing the names, social security numbers, birth dates, addresses, and in some cases, driver’s license details of 143 million Americans.
Shortly after reporting the breach to consumers, the company created a new supplementary web portal, equifaxsecurity2017.com, to help those affected identify whether their personal information was impacted.
However, software engineer Nick Sweeting created a mock phishing website, securityequifax2017.com, in an effort to criticize Equifax’s response to the hacking incident and force the company to change its tactics.
“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” Sweeting told CNN Tech.
“I can guarantee there are real malicious phishing versions already out there.”
Sweeting said he paid just $10 to purchase the domain and within 20 minutes had cloned the Equifax site.
The engineer revealed his website received around 2,000 visits in the last few days but assured Equifax customers it was not malicious and doesn’t store any data entered by users.
Following the breach, Equifax began offering free identity theft protection and credit file monitoring services.
However, TechCrunch reported that the terms of service on Equifax’s website evidently state that by agreeing to use TrustedID Premier, users were waving their rights to bring a class action lawsuit against the company.
You can obtain a free copy of your credit report by sending an online request or calling toll-free 1-877-322-8228.
If you believe you’re the victim of identity theft, it’s important you contact the proper authorities, including local law enforcement, and consider liaising with your state attorney general or the Federal Trade Commission.