Posted: September 22, 2017
By Russell Grantham, The Atlanta Journal-Constitution
Equifax linked people to a fake online site that mimicked the link for its own site on its massive Sept. 7 security breach that affected 143 million Americans.
After the breach, which involved Social Security numbers and other key identifying information, Equifax set up a site, equifaxsecurity2017.com, that directed people to information on the hacking incident and links to sign up for free credit monitoring and other protections the company is offering.
But in several tweets in recent days, a company employee directed people to a fake, similar-appearing site whose address flipped the name of the real site.
Rather than being a phishing site that could have reaped unsuspecting folks’ personal data yet again, it was set up by Nick Sweeting, a software engineer, according to news reports.
People who clicked on the link got this headline: “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”
Sweeting told the New York Times his site received more than 200,000 hits before he took it down Wednesday evening.
Equifax apologized for the mistake. “All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion,” the company said in a statement.
The company also warned people to watch for fake websites and emails targeting Equifax customers and people responding to the hacking incident.
“These scams, designed to capture personal information (known as ‘phishing’) are designed to appear as if they are from Equifax and the emails may link to websites purporting to be operated by Equifax,” said the company.
Equifax was hacked almost five months before the Atlanta-based company publicly disclosed the breach that may have compromised the personal data, including Social Security numbers and credit card information, of 143 million Americans, according to Bloomberg.
The credit reporting agency learned about the breach five months earlier in March, Bloomberg reported, citing three sources familiar with the hack, but in a statement, the company denied that the computer breaches were related.
One of Bloomberg’s sources said that both hacks involved the same perpetrators.
According to Reuters, Equifax released a statement maintaining that the two events were not related: “Earlier this year, during the 2016 tax season, Equifax experienced a security incident involving a payroll-related service. The incident was reported to customers, affected individuals and regulators. This incident was also covered in the media. The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29. Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related. The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event.”
Equifax is now at the center of several investigations into how the breach occurred and what took so long to disclose it.
The company first reported the enormous breach of personal data last Thursday when it said a “cyber security incident” may have exposed millions of Americans’ personal information.
Equifax said the unauthorized access to the information occurred between mid-May and July, and was discovered by the company on July 29. It has since hired an outside cybersecurity firm to investigate.
Two high-ranking executives have since left Equifax as it struggles to contain the fallout from the massive breach.
Equifax and a software company are blaming each other for a glitch that allowed hackers to obtain Social Security numbers and other sensitive information for 143 million people.
The Atlanta-based company, one of the nation’s three key credit bureaus that track individuals’ credit histories, said late Wednesday that hackers exploited a vulnerability in a U.S. website application, identified as Apache Struts CVE-2017-5638. Equifax disclosed last week that it discovered in July that hackers had tapped a large trove of personal data on most adults in America.
But in a statement Thursday, Apache Software Foundation, which provides the application, said it provided and announced a patch for the software fault on March 7, well before Equifax said the security breach began in mid-May.
“In conclusion, the Equifax data compromise was due to their failure to install the security updates provided in a timely manner,” the foundation said.
The 18-year-old foundation said it is an all-volunteer organization that produced open-source Java applications for government and business users, including Fortune 100 companies.
Equifax couldn’t be reached immediately for a response to Apache Software Foundation’s statement.
Two class-action lawsuits have been filed on behalf of customers affected by a massive breach at Equifax.
Officials with the Atlanta-based credit reporting and technology company said a “cyber security incident” may have exposed the personal information of 143 million U.S. consumers.
The data that might have been accessed includes names, Social Security numbers, birth dates and addresses.
Former Georgia Gov. Roy Barnes has partnered with a Florida firm for a class-action lawsuit.
"This is not a windfall thing. These are real damages and real fears that folks have," he said. "There's no telling, but I guarantee you most of this information was auctioned off in just a matter of hours."
Barnes said that if you've been compromised, you are automatically a part of the class-action suit unless you opt out.
"You don't have to do anything. We have class representatives and there will come a time when we'll contact folks," he said.
He said he is going after what it takes to make things right.
"What the money should be is what is necessary to hire someone to straighten out your credit so that you don't disrupt your life forever," he said. "And some money for the fact that (Equifax) negligently, and in violation of several federal statutes, allowed for this information to get out."
Barnes said among many demands is that Equifax have its security audited, tested and trained and that the company purges information it doesn't need.
WSB-TV's Nicole Carr visited the Clark Howard Consumer Action Center, where volunteers have received nearly three times their normal call volume with concerns about Equifax.
Volunteers said more than 500 calls came in Wednesday and 99 percent of them were about Equifax.
"I've been here for 20 years. This is the busiest day we've had," said Consumer Action Center volunteer Lori Silverman.
She said volunteers are working to ease fears about the data breach.
"Because 140 million people are trying to freeze their credit, the sites are crashing and they're unable to thaw their credit. That's a difficult situation to be in," she said. "We're recommending (everyone) hang tight. Hopefully, all of the hysteria will slowly go away and within the next couple of weeks you'll be able to freeze your credit."
The Consumer Action Center recommends you freeze your credit through Credit Karma. Equifax has rescinded fine print that kept consumers from suing them if they signed up for their free credit file monitoring and identity theft protection.
"Now they say they're backing off of that, but I would advise everybody: Do not interact with Equifax right now," Barnes said.
Credit reporting juggernaut Equifax announced Thursday that its information was compromised in a major cyberattack affecting 143 million Americans – or two-thirds of people with credit reports.
Hackers were able to get birth dates, Social Security numbers, credit card numbers and addresses, according to Equifax, leaving some to wonder how they can protect themselves.
Here are some tips for ensuring your information is secure:
Find out whether you were affected by the hack through Equifax’s website. The site asks for a person’s last name and the last six digits of their Social Security number in order to determine whether the person was caught in the breach.
Don’t bother with Equifax’s monitoring service, Clark.com reported, noting that the company offering the service is the same one that was hacked.
“The only way to truly protect yourself is with a credit freeze,” Clark.com reported, recommending that people freeze their credit files with all three of America’s major credit reporting companies: Equifax, Experian and TransUnion. Doing so does not affect whether or not a person can use already existing lines of credit.
Review your credit report and put a fraud alert on it if you are affected, Popular Mechanics suggested. A fraud alert will make it necessary for banks and credit companies to jump through extra hoops to confirm your identity. The magazine noted that a fraud alert filed with any one of America’s three credit bureaus -- Equifax, Experian and TransUnion -- will be shared between the three.
Whether or not you decide to put a fraud alert on your credit file, you can still obtain a free credit report once every 12 months from each of the credit bureaus. The reports can be obtained through annualcreditreport.com or by completing and mailing an annual credit report request form, according to the Federal Trade Commission.
You may order your reports from each of the three nationwide credit reporting companies at the same time, or you can order your report from each of the companies one at a time. The law allows you to order one free copy of your report from each of the nationwide credit reporting companies every 12 months.
Credit reporting and technology company Equifax had data compromised in what it said was a cybersecurity incident that affected 143 million customers in the U.S.
Here is what you need to know about the incident:
Equifax learned of the incident in July 2017. The breach occurred from mid-May through July 2017.
According to the FAQ on a website the company created to provide customers with information on the hack, Equifax found out about the breach July 29. The company said it “acted immediately to stop the intrusion and conduct a forensic review.” The company says the situation has been contained.
Birth dates, Social Security numbers, credit card numbers and addresses are among the information accessed.
Equifax said that in some instances, driver’s license numbers were also accessed by hackers. Some personal information from UK and Canadian residents was also accessed.
Consumers can enroll in free identity theft protection and credit monitoring.
Equifax has offered free credit monitoring for a year through its subsidiary TrustedID Premier. According to Equifax, the credit monitoring service also provides Social Security monitoring, a credit report lock, credit report and identity theft insurance.
Consumers can go to EquifaxSecurity2017.com to find out if their information was impacted by the breach. At the website, consumers can click the “check potential impact” link and enter their last name and the last six digits of their Social Security number. The consumer will get a message alerting them whether or not their data was compromised.