Credit report company Equifax Inc said it was a third-party vendor that served malicious content on its website and it has taken the page offline to conduct further analysis. “Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” Wyatt Jefferies, a spokesman for Equifax said in an email.
The unidentified third-party vendor was responsible for collecting website performance data and had code running on Equifax’s website, Jefferies said. An independent security analyst found on Thursday that the removed page had been altered to trick visitors into installing malware, according to a report on technology news website Ars Technica.
When Equifax updated the number of affected accounts on October 2, the company had said it hired a company, Mandiant, to investigate the breach. In reply, Mandiant, has concluded its investigation and plans to release the results “promptly”, and also said it would update its own notification for people who want to check if they were among those affected by October 8.
Equifax shares had dropped as much as 3.6 percent, the most intraday since September 15, after the company said its security team was investigating reports of another possible cyber attack. The company is still reeling from the massive data breach it disclosed last month that compromised the private data of more than 145 million Americans, which was a part of the Social Security Number data that it stores.