Equifax takes down web page after possible new hack
Last Updated Oct 12, 2017 4:16 PM EDT
NEW YORK - Equifax (EFX) has taken down one of its web pages after reports that another part of its web site had been hacked as well.
The news comes as Equifax continues to deal with the aftermath of hackers breaking into its system earlier this year which allowed the personal information of 145.5 million Americans to be accessed or stolen.
Hackers reportedly altered Equifax's credit report assistance page that would send users malicious software pretending to be Adobe Flash.
Equifax said that, out of an abundance of caution, the Atlanta company has taken the affected page offline, and it's looking into the matter.
A slew of federal agencies and state prosecutors are investigating Equifax. The company's former CEO, who left the company in the aftermath of the data breach, admitted to lawmakers earlier this month that a combination of human and technology failures enabled the cyber attack.
"This new announcement from Equifax is just Reason No. 10,000 why consumers should assume their personal information is already out there and act accordingly," said Matt Schulz, CreditCards.com's senior industry analyst. "It's a scary thing to wrap your brain around, but the truth is that you're better off assuming the worst and taking steps to protect yourself."
After its systems were penetrated, Equifax pointed to a flawed web server gateway called Apache Struts CVE-2017-5638.
Jeff Williams, co-founder of Contrast Security, linked the latest hack to third-party software used by Equifax called Fireclick. "Basically, a very similar problem with two quite different pieces of code," he said.
"Anyone using the Fireclick library may have been affected, and the attackers may not even know that they compromised Equifax," Williams added.
Equifax shares sank 1.3 percent in afternoon trading to $109.95.
© 2017 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.