Equifax announced on Thursday that it has disabled one of its customer support websites as its security team looks into reports of another cyber breach. The announcement comes after the credit reporting company recently disclosed a hack that compromised the sensitive information of more than 145 million people.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax spokesman Wyatt Jefferies said in an email. “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”
Facing increasing criticism from consumers, regulators, and lawmakers over its handling of the earlier breach, the company says that it will provide more information as it becomes available.
A notice on the company’s homepage says “No Equifax Subscription Products for Purchase at this Time. Due to the cybersecurity incident, we are offering all U.S. consumers identity theft protection and credit file monitoring through TrustedID Premier. No other subscription products are available for purchase at this time.”
The page in question is the Equifax’s response to the Free Credit Reporting Act and is used by consumers who believe they may be the victim of identity theft or have recently received an adverse credit decision. The page currently says: “We’re sorry… The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.”
Randy Abrams, the independent analyst who noticed the possible hack, said he was attempting to check some information in his credit report late on Wednesday when one of the bogus pop-up ads appeared on Equifax’s website.
In an interview with Reuters, Abrams said his first reaction was disbelief. “You’ve got to be kidding me,” he recalled thinking. Then he successfully replicated the problem at least five times, making a video that he posted to YouTube.
The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice, and has led to the departure of the company’s chief executive officer, chief information officer, and chief security officer.
It has also left the company’s stock in free fall with shares down 23.59 percent, or $33.67, since it’s first announcement on September 7th.