NEW YORK (Reuters) - Equifax Inc said on Thursday it has taken one of its customer help website pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of more than 145 million people.
The move came after an independent security analyst on Wednesday found part of Equifax's website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.
"We are aware of the situation identified on the equifax.com website in the credit report assistance link," Equifax spokesman Wyatt Jefferies said in an email. "Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline."
Notable data breaches in the US
Notable data breaches in the US
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell
LONDON, ENGLAND - AUGUST 19: A detail of the Ashley Madison website on August 19, 2015 in London, England. Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday fulfilling a threat to release sensitive information including account details, log-ins and credit card details, if Avid Life Media, the owner of the website didn't take Ashley Madison.com offline permanently. (Photo by Carl Court/Getty Images)
Katherine Archuleta, director of the U.S. Office of Personnel Management (OPM), speaks during a House Oversight and Government Reform Committee hearing on the OPM data breach in Washington, D.C., U.S., on Wednesday, June 24, 2015. U.S. senators said yesterday they doubt the government's personnel office understands the breadth of a computer hack that exposed the records of more than 4 million federal workers, or that the agency can stop another breach. Photographer: Andrew Harrer/Bloomberg via Getty Images
WASHINGTON, DC - JUNE 05: The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
SCHAUMBURG, IL - AUGUST 04: A statue of a horse stands at the entrance to a P.F. Chang's restaurant on August 4, 2014 in Schaumburg, Illinois. P.F. Chang's China Bistro Ltd. said today that the company experienced a data breach involving customers' credit and debit card information which affected 33 restaurants in 16 states, including the Schaumburg, Illinois location. (Photo by Scott Olson/Getty Images)
PORTLAND, ME - AUGUST 15: Shaws on Congress Street on Friday, July 15, 2014. Shaws parent company is investigating a possible data breach. (Photo by Logan Werlinger/Portland Press Herald via Getty Images)
COLMA, CA - APRIL 18: Customers enter a Michaels art and crafts store on April 18, 2014 in Colma, California. Michaels, the largest arts and crafts chain in the U.S., announced that an estimated 2.6 million cards used at its stores across the country may have been affected by a security breach. Aaron Brothers, a subsidiary of Michaels, was also affected by the breach. (Photo by Justin Sullivan/Getty Images)
CORAL GABLES, FL - FEBRUARY 28: A checkout keypad is seen at a Sears store on February 28, 2014 in Coral Gables, Florida. According to reports the U.S. Secret Service is investigating a possible digital attack at Sears Holdings Corp. (Photo by Joe Raedle/Getty Images)
A couple of shoppers leave a Target store on a rainy afternoon in Alhambra, California on December19, 2013, as the US retail giant said some 40 million customers may have had bank card data compromised by hackers who broke into its database as holiday shopping got underway. Target said there had been 'unauthorized access' to its payment system in US stores affecting credit and debit cards with approximately 40 million credit and debit cards possibly affected by the breach between November 27 and December 15, the company said in a statement. AFP PHOTO / Frederic J. Brown (Photo credit should read FREDERIC J. BROWN/AFP/Getty Images)
Discover More Like This
BACK TO SLIDE
The Atlanta-based company, which has faced seething criticism from consumers, regulators and lawmakers over its handling of the earlier breach, said it would provide more information as it becomes available.
As of 1:15 p.m., the web page in question said: "We're sorry... The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon."
Equifax shares were down 1.2 percent at $109.18 in early afternoon trading.
Randy Abrams, the independent analyst who noticed the possible hack, said he was attempting to check some information in his credit report late on Wednesday when one of the bogus pop-up ads appeared on Equifax's website.
His first reaction was disbelief, he said in an interview with Reuters on Thursday. "You've got to be kidding me," he recalled thinking. Then he successfully replicated the problem at least five times, making a video that he posted to YouTube.
Equifax's security protocols have been under scrutiny since Sept. 7 when the company disclosed its systems had been breached between mid-May and late July.
The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice, and it has led to the departure of the company's chief executive officer, chief information officer and chief security officer.
As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers' defaulting.
(Reporting by John McCrank; Editing by Bill Rigby)