Equifax bungles data breach follow-up

In September 2017, soon after announcing the company had suffered a major data breach that exposed sensitive information pertaining to about 150 million people, Equifax set up a poorly secured website intended to help people determine whether they had been affected. The site was flagged by numerous browsers as a phishing threat, gave the same people different answers on different devices, and offered some people a monitoring service instead of a clear answer. A few weeks later, Equifax began sending notification emails to people who had signed up for the monitoring service, and those emails broke many standards of good practice: they came from one domain but asked recipients to respond by clicking a link to a different but similar, brand-new domain.

https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/

https://krebsonsecurity.com/2017/09/equifax-or-equiphish/

tags: Equifax, data breaches, security, credit scoring, phishing

Writer: Brian Krebs

Publication: Krebs on Security