WASHINGTON -- Equifax Inc. has taken part of its website offline after an independent security analyst reported that the site apparently had been hacked. He said clicking a link on the site redirected him to a malicious Internet address urging him to download malware.
Also Thursday, a top Republican congressman introduced a bill that would stop credit-reporting companies such as Equifax from using Social Security numbers to verify Americans' identities.
The potential hack comes a month after Equifax revealed that a data breach exposed the Social Security numbers and birth dates of as many as 145.5 million Americans. That earlier hack took place after Equifax failed for several months to fix a software flaw that federal officials had warned about in March.
Late Wednesday night, security analyst Randy Abrams said in a blog post that while he was trying to download his credit report from the Equifax site, he clicked a link that kicked him to a third-party website with "one of the ubiquitous fake Flash Player Update screens." His post was first reported by technology news site Ars Technica.
As of Thursday morning, that link instead directs users to an Equifax announcement that the page is down for maintenance.
"We are aware of the situation identified on the equifax.com website in the credit report assistance link," an Equifax spokesman said in a statement. "Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline."
Rep. Patrick McHenry, R-N.C., introduced legislation Thursday that would crack down on credit-reporting companies. It would require Equifax, Experian and TransUnion to phase out the use of Social Security numbers by 2020.
The legislation also would create a national framework for consumers to freeze access to their credit to prevent identity theft and would mandate that the federal government create uniform cybersecurity standards for credit-reporting companies and conduct on-site examinations.
In response to criticism of its efforts to help consumers deal with the breach, Equifax said it would stop charging people to freeze access to their credit records so that no data would be released to scammers. The company's former chief executive, Richard Smith. who stepped down after last month's disclosure of a breach, told lawmakers that such free credit freezes should be the industry standard and that the nation should consider replacing Social Security numbers "as the touchstone for identity verification."
A data breach has led to the filing of lawsuits across the country including in federal court in Texarkana.
A suit filed Oct. 6 in the Texarkana Division of the Western District of Arkansas seeks to represent anyone whose personal identifying information in Equifax's possession was hacked from May to July.
The complaint, filed by the Little Rock firm Steel, Wright, Gray & Hutchinson and the Nashville, Tenn.-based Sanford Heisler Sharp firm, identifies both a national class of potential plaintiffs and an Arkansas class of potential plaintiffs and names Prescott, Ark., resident Roshunda Gulley as the class representative.
"Armed with the stolen information, unauthorized third parties now possess keys that unlock consumers' medical histories, bank accounts, employee accounts, and more," the complaint states. "Criminals can take out loans, mortgage property, open financial accounts and credit cards in a victim's name, obtain government benefits, file fraudulent tax returns, obtain medical services, and provide false information to police during an arrest, all under the victim's name."
Information for this article was contributed by Lynn LaRowe of the Texarkana Gazette.
Business on 10/13/2017