Dive Brief:
- Equifax's cybersecurity woes continue after a third-party security firm found malicious actors on the credit bureau's website, as first reported by Ars Technica. The attack occurred over several hours on Wednesday and again on Thursday morning. Hackers controlled the site and directed users to install fake Adobe Flash updates, which would in turn grant access for infection. The adware was only detectable by three of 65 antivirus providers, including Symantec, Panda and Webroot, according to the report.
- The code behind the adware was determined to be "obfuscated" with abilities to "conceal itself from reverse engineering." Independent assessments of the fraudulent Adobe Flash update alluded to the possibility that a third-party ad network Equifax used could be to blame. If this is the case, the ad network could sabotage other sites too.
- Equifax quickly suspended the third-party content. The company says the site is up and operational, reports ZDNet. Although Equifax claims it is not the victim of a second cybersecurity breach, the IRS did temporarily halt some services stemming from its controversial $7.2 million contract with Equifax.
Dive Insight:
Equifax just can't seem to get out of its own way. The confidence boost from landing the IRS contract suddenly seems flat in light of Thursday's events.
The latest development comes about a week after former CEO Richard Smith testified before the House Energy and Commerce Committee. Equifax is facing financial, legal and ethical backlash after its disclosure of a data breach that left 145.5 million consumers vulnerable, a figure previously reported as 143 million people.
Criticisms of how the breach was handled only mounted after revelations started to emerge. Equifax learned of the breach in late July; top executives sold off $1.8 million in company shares soon after, and the firm disclosed the breach to the public in early September. Hackers infiltrated Equifax's system through a web application vulnerability. A patch had been available three months prior to the infection, but Equifax ignored it.
Top executives including the CIO, CSO and CEO have left the firm, but Congress chastised Smith not only for the handling of data but also for collecting information that is "way beyond what you need to determine if [someone]'s creditworthy." Investigations continue for Equifax, but more reports on the firm's disorganized and absent cybersecurity protocols raise deeper concerns.