Equifax Takes Down Webpage After Report Of New Cybersecurity 'Situation'

Enlarge this image toggle caption Screenshot by NPR Screenshot by NPR

Visitors to the Equifax website might have encountered something a little odd Thursday afternoon. For some consumers seeking a credit report from the agency, the page that loaded was likely to disappoint them.

"We're sorry ..." the page's error message began. "The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon."

Posted just over a month after the company acknowledged that a massive cybersecurity breach exposed the personal information of more than 145 million Americans, the error message understandably raised some eyebrows.

On Thursday, Equifax explained that it had taken the page offline after Ars Technica, a website covering technology and other topics, pointed out a potential issue: fraudulent Adobe Flash updates. The problem was identified by independent security analyst Randy Abrams, who said those download links — when clicked — would infect one's computer with adware. Ars Technica said Abrams, vetting his initial suspicions, told the news site "he encountered the bogus Flash download links on at least three subsequent visits."

Abrams shared a video of what he was seeing with Ars Technica.

YouTube

"We are aware of the situation identified on the equifax.com website in the credit report assistance link," Equifax spokesman Wyatt Jefferies said in a statement. "Our IT and Security teams are looking into this matter and, out of an abundance of caution, have temporarily taken this page offline. When it becomes available or we have more information to share, we will."

The news comes more than a week after former Equifax CEO Richard Smith, who stepped down amid criticism over how the company handled the massive breach, endured a bipartisan grilling at a Senate hearing.

At the time, Smith acknowledged "the breach occurred because Equifax failed to act on warnings to fix a software security problem," NPR's Chris Arnold reported. "On top of that, senior executives sold millions of dollars in stock after the breach but before the company made it public. And the efforts to help consumers had a series of missteps."

Earlier Thursday, GOP Rep. Patrick McHenry of North Carolina introduced a bill intended to "create uniform cybersecurity standards for credit bureaus and submit them to onsite examinations," according to his office.

"It protects Americans by creating a national credit freeze that actually works," McHenry said of the legislation. "Finally, it prohibits the largest credit reporting agencies from continuing to rely upon the most sensitive of Americans' personal information: our Social Security numbers."