Equifax Confirms Yet Another Hack
Oops, they did it again? Earlier today, the credit reporting agency Equifax took one of its webpages offline. They confirmed that an attacker had compromised the site. The websit eredirected users to a malicious URL and prompted them to download a compromised Flash plugin. This attack took place mere weeks after one of the largest beaches in history affected almost 150 million personal records held by Equifax. Ironically, Equifax used the site as a resource for customers impacted by the initial breach.
Randy Abrams, the independent security analyst who discovered this, posted the following proof on YouTube:
Other research indicates this may have resulted from a compromised or malicious third party analytics firm, not from Equifax itself.
An Equifax representative told Ars Technica this morning: “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
This is a developing story, so we’ll provide updates on our blog as they come in.
Want to Protect Yourself? We Can Help!
It’s sad to say, but companies experience breaches like this almost on a daily basis. Maybe they’re not as publicized or have such an immediate or obvious impact, but they still happen. Don’t turn into the next Equifax, lock down your web applications immediately. Keep them locked down and test their security regularly. Secure Compliance Solutions can help you, no matter what your security needs are. We’re experienced penetration testers, system hardeners, software developers, and compliance experts, and we can meet any security challenge hackers and cybercriminals throw at us. Whether you’ve been impacted by the Equifax breach, or just want to avoid becoming the next target, let’s get in touch and see how we can work together.
Secure Compliance Solutions LLC (SCS) provides a wide range of CISO advisory consulting and Managed Security Services that help our clients build and strengthen their strategic Information Security and Data Privacy programs. SCS believes that a comprehensive implementation of industry-tested frameworks and standards not only helps organizations meet their compliance goals, but significantly strengthens overall security posture. We raise awareness of current security trends and risks to prepare personnel to recognize potential security issues. Our Managed Security Service is designed so clients can offload the responsibility of “constant watch” against both internal and external cyber threats and attacks. SCS helps our customers wade through complex and evolving cybersecurity regulations, and defends their business interests against increasingly sophisticated cyber threats. At SCS, we champion a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities.