Equifax sends breach victims to a phishing site

Posted September 21, 2017

Reports suggest the first attack may have been carried out by the same group of hackers, but Equifax said it did not involve the same intruders.

News of the breach, which compromised personal information for up to 143 million people, has sliced more than 34 percent off Equifax's share price this month. "Equifax delayed publicly disclosing the breach to consumers for almost six months - likely in an attempt to manage negative public response, mitigate reputational harm and pre-empt litigation".

The credit monitoring agency says the "security incident" was on its corporate networks during tax season in March. (Reminder: those affected by the Equifax breach will get this service for free for a year). "We don't know yet because we don't know how widely it's used", Barnes said. On top of that, the Justice Department is said to have opened a criminal probe into whether top officials at the company violated insider trading laws when they sold stock before Equifax disclosed that it had been hacked.

"It is distressing that this massive breach leaves consumers exposed to financial and other harm", General Slatery said in the release.

Equifax hired the same cybersecurity company, Mandiant, to handle both breach investigations.

Today, Equifax ended up creating that exact situation on Twitter. For more information about the product and enrollment, please visit: "securityequifax2017.com". "However, scammers use this fear to prey on consumers and potentially obtain even more sensitive information".

Along with bulking up its call centers and waiving fees for credit freezes, Equifax announced that its chief information officer and chief security officer would be leaving the company immediately. The costs of those vary by state.

Security experts have voiced concerns over Equifax's separate response website saying it should have hosted the site under its own domain name - Equifax.com - to assure users that they are securely providing their data to the real website and not a fake one. An Equifax spokesperson issued the following statement. Sweeting said he did it to teach Equifax a lesson about its vulnerable URL and how easy it was to spoof.

Information from Equifax indicates the security breach occurred from mid-May through July.

It's called a credit freeze.

People create fake versions of big companies' websites all the time, usually for phishing purposes. All three are Equifax clients, each having paid more than a $109 a year for the company to monitor their credit and ensure the safety of their identity and finances.

Consumers should be vigilant and diligent.

Keeping watch, possibly for a long time.

- Considering freezing your credit reports.

You can not open any new accounts during the credit freeze; you must lift the freeze prior to applying for new credit. That number will allow you unfreeze your credit should you want or need to.