Oct. 13 (UPI) — Credit rating agency Equifax announced Thursday part of its website was taken offline after a security analyst found evidence it had been hacked.
The revelation comes one month after Equifax, one of the nation’s three major credit rating agencies, announced it was the target of one of the largest data breaches in U.S. history, affecting an estimated 145 million people whose private financial and identification information was hacked.
The Los Angeles Times reported a security analyst found a link on the Equifax site had been altered and prompted users to download malicious malware that could be used to steal even more private data.
Equifax’s first data breach came after the company failed to patch a security loophole in encrypted software that was being used to shield 145 million consumers’ Social Security numbers, bank account numbers and other sensitive data.
On Wednesday night, a blogger for the tech site Ars Technica said he was attempting to download his credit report from Equifax and when he clicked the link he was presented with another link to download a version of the common Adobe Flash Player software. The trick is a common one for hackers who are seeking to install malicious software, or malware, that can capture users’ keystrokes and other data and transmit it back to the author.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” an Equifax spokesperson said in a statement. “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”