Skip to content

Equifax takes down customer service web page after reports of new hack

TORONTO — Equifax Canada says its U.S. parent company’s website has temporarily taken down one of its customer services pages amid reports that another part of its website had been hacked.
8914035_web1_171012-RDA-M-171013-RDA-BUS-Equifax

TORONTO — Equifax Canada says its U.S. parent company’s website has temporarily taken down one of its customer services pages amid reports that another part of its website had been hacked.

Company spokesman Tom Carroll did not respond to direct questions about any potential breach to Equifax Canada’s website or the number of Canadian or American Equifax customers that may have been affected.

Carroll said in an emailed statement that, “We are aware of the situation identified on the equifax.com website in the credit report assistance link.”

“Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline,” his statement added.

“When it becomes available or we have more information to share, we will.”

The news comes as Equifax Inc. continues to deal with the aftermath of a cyber breach earlier this year which allowed the personal information of 145.5 million Americans, and 8,000 Canadians, to be accessed or stolen.

In the latest cybersecurity incident, hackers reportedly altered Equifax’s credit report assistance page so that it would send users malicious software disguised as Adobe Flash.

Since news of Equifax’s massive data breach broke last month, the company is facing investigations in Canada and the U.S., as well as at least two proposed class actions filed in Canada.

The massive data breach has also led to a number of high-profile departures at the Atlanta-based consumer credit reporting agency, including its chief executive, chief information officer and chief security officer.

In early October, Equifax revised the number of consumers potentially impacted in the breach — bumping up the total in the U.S. to 145.5 million and reducing the number in Canada from an estimated 100,000 to 8,000.

For these Canadian consumers, Equifax says the information that may have been accessed includes name, address, social insurance number and, in “limited cases” credit card numbers.

On its website, Equifax’s Canadian division says it has not yet mailed out any notices and made clear it would not be making any unsolicited calls or emails about the issue.

In September, Equifax reported that its investigation had shown that hackers had unauthorized access to its files from May 13 to July 30. Equifax Canada said at the time it was working closely with its parent company Equifax Inc. and an unnamed, independent cybersecurity firm conducting the ongoing investigation.

The cyberattack occurred through a vulnerability in an open-source application framework it uses called Apache Struts. The United States Computer Readiness team detected and disclosed the vulnerability in March, and Equifax “took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure.”