Equifax Hacked, Again
Equifax Confirms Yet Another Hack
Oops, they did it again? Earlier today, the credit reporting agency Equifax took one of its webpages offline. They confirmed that an attacker had compromised the site. The websit eredirected users to a malicious URL and prompted them to download a compromised Flash plugin. This attack took place mere weeks after one of the largest beaches in history affected almost 150 million personal records held by Equifax. Ironically, Equifax used the site as a resource for customers impacted by the initial breach.
Randy Abrams, the independent security analyst who discovered this, posted the following proof on YouTube:
Other research indicates this may have resulted from a compromised or malicious third party analytics firm, not from Equifax itself.
An Equifax representative told Ars Technica this morning: “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
This is a developing story, so we’ll provide updates on our blog as they come in.
Want to Protect Yourself? We Can Help!
It’s sad to say, but companies experience breaches like this almost on a daily basis. Maybe they’re not as publicized or have such an immediate or obvious impact, but they still happen. Don’t turn into the next Equifax, lock down your web applications immediately. Keep them locked down and test their security regularly. Secure Compliance Solutions can help you, no matter what your security needs are. We’re experienced penetration testers, system hardeners, software developers, and compliance experts, and we can meet any security challenge hackers and cybercriminals throw at us. Whether you’ve been impacted by the Equifax breach, or just want to avoid becoming the next target, let’s get in touch and see how we can work together.
More Reading
Secure Compliance Solutions LLC (SCS) provides a wide range of CISO advisory consulting and Managed Security Services that help our clients build and strengthen their strategic Information Security and Data Privacy programs. SCS believes that a comprehensive implementation of industry-tested frameworks and standards not only helps organizations meet their compliance goals, but significantly strengthens overall security posture. We raise awareness of current security trends and risks to prepare personnel to recognize potential security issues. Our Managed Security Service is designed so clients can offload the responsibility of “constant watch” against both internal and external cyber threats and attacks. SCS helps our customers wade through complex and evolving cybersecurity regulations, and defends their business interests against increasingly sophisticated cyber threats. At SCS, we champion a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities.
Recent Posts
Categories
Posts by Month
- November 2024 (1)
- October 2024 (1)
- August 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- October 2023 (1)
- February 2023 (1)
- November 2021 (2)
- October 2021 (1)
- December 2020 (2)
- November 2020 (2)
- October 2020 (4)
- September 2020 (1)
- August 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2018 (1)
- March 2018 (5)
- February 2018 (3)
- January 2018 (5)
- December 2017 (3)
- November 2017 (3)
- October 2017 (6)
- May 2017 (1)
- January 2016 (3)
- November 2015 (1)
- October 2015 (1)