Equifax pulls customer service page, cites vendor’s software
NEW YORK — Equifax said Thursday that problems with an online customer help page were caused by a vendor’s software code and not by a cyberattack on its systems.
The company earlier said it had disabled its credit report assistance page after reports that another part of its website had been hacked.
Equifax Inc. is dealing with the aftermath of hackers breaking into its system earlier this year that exposed the personal information of 145.5 million Americans. The company is now under multiple state and federal investigations and has been sued by numerous customers in litigation likely to evolve into class-action lawsuits.
The technology news site Ars Technica initially reported that hackers had altered Equifax’s credit report assistance page that would send users malicious software pretending to be Adobe Flash.
But Atlanta-based Equifax issued a statement later Thursday blaming a third-party vendor it uses to collect website performance data. The “vendor’s code running on an Equifax website was serving malicious content,” it said.
Equifax said the code was removed from the customer help page that it had taken the webpage offline for further analysis.
The original breach happened after Equifax did not update a piece of software known as Apache Struts after a vulnerability was identified earlier this year. Hackers were able to access Equifax’s core systems through most of the summer. It wasn’t until early August that Equifax executives were made aware of the breach, and it took until September for Equifax to tell the public.