Equifax Inc. took part of its website offline Thursday after code on the site redirected users to a malicious URL urging them to download malware.
Also Thursday, a top Republican congressman introduced a bill that would stop credit reporting companies such as Equifax from using Social Security numbers to verify Americans’ identities.
The moves come a month after Equifax revealed that a data breach exposed the Social Security numbers and birthdates of as many as 145.5 million Americans. That hack took place after Equifax failed for several months to fix a software flaw that federal officials had warned about in March.
Late Wednesday night, independent security researcher Randy Abrams said in a blog post that while he was trying to download his credit report from the Equifax site, he clicked a link that kicked him to a third-party website with “one of the ubiquitous fake Flash Player Update screens.” His post was first reported by technology news site Ars Technica.
Equifax said Thursday afternoon that the problem stemmed from code provided by a third party.
“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content,” the company said in a statement. “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”
Equifax emphasized that its “systems were not compromised” and said that despite early reports, the problem “did not impact the consumer online dispute portal.”
Its spokespeople did not answer questions about when the company learned of the problem or how many website visitors clicked the link.
Everyone uses third-party code, said Jeff Williams, chief technology officer and co-founder of Contrast Security. However, he said in a statement, doing so “creates an obligation to analyze for vulnerabilities continuously and respond to new vulnerabilities/attacks within hours.”
This wouldn’t be the first time that people trusting Equifax have been sent to a questionable third-party site.
After announcing the massive data breach last month, Equifax set up a website — equifaxsecurity2017.com — to help people determine whether they had been affected. But on multiple occasions, Equifax’s Twitter account instead advised people to go to a different site with a similar URL. That site had been created by an engineer who wanted to show how easy it would be to set up a phishing site that mimicked Equifax’s.
Separately, Rep. Patrick McHenry (R-N.C.) introduced legislation Thursday that would crack down on credit reporting companies. It would require Equifax, Experian and TransUnion to phase out the use of Social Security numbers by 2020.
The legislation also would create a national framework for consumers to freeze access to their credit to prevent identity theft, as well as mandating that the federal government create uniform cybersecurity standards for credit reporting companies and conduct onsite examinations.
“The bill I’ve introduced today takes an important first step in providing meaningful reforms to help Americans who have been impacted by this breach,” McHenry said. “It is focused on prevention, protection and prohibition.”
The breach revealed last month, and Equifax’s botched handling of the aftermath, led to bipartisan outrage. The company’s former chief executive, Richard Smith — who stepped down after the breach was disclosed — was slammed by lawmakers in four congressional hearings last week.
In response to criticism of its efforts to help consumers deal with the breach, Equifax said it would stop charging people to freeze access to their credit records so that no information would be released to scammers. Smith told lawmakers that such free credit freezes should be the industry standard and that the nation should consider replacing Social Security numbers “as the norm for identity verification.”
The Trump administration also is looking at reducing the importance of Social Security numbers. Rob Joyce, the White House cybersecurity coordinator, said at a conference last week that the Social Security number “has outlived its usefulness” and that he wanted to find a “modern cryptographic identifier” that would be more secure.
McHenry’s bill is at least the third introduced to impose tougher standards on credit reporting companies. But as a member of the House Republican leadership, he might have the clout to push his proposal through.
The Promoting Responsible Oversight of Transactions and Examinations of Credit Technology, or PROTECT, Act would subject large credit reporting companies to the same federal cybersecurity standards and oversight as banks and other financial institutions, McHenry said.
Shifting away from reliance on Social Security numbers is a key part of the bill. McHenry said he wanted to stop credit reporting companies from relying on the numbers, which he called “the most sensitive of Americans’ personal information.”
2:05 p.m.: This article was updated to include comment from Equifax and Jeff Williams, chief technology officer and co-founder of Contrast Security.