Equifax bungles data breach follow-up
In September 2017, soon after announcing the company had suffered a major data breach that exposed sensitive information pertaining to about 150 million people, Equifax set up a poorly secured website intended to help people determine whether they had been affected. The site was flagged by numerous browsers as a phishing threat; gave the same people different answers on different devices; and offered some people a monitoring service instead of a clear answer. A few weeks later, Equifax began sending out emails to consumers notifying people who had signed up for the monitoring service that broke many standards of good practice: the emails came from one domain but asked recipients to respond by clicking a link to go to a different but similar, brand-new one.
tags: Equifax, data breaches, security, credit scoring, phishing
Writer: Brian Krebs
Publication: Krebs on Security