Link to bogus site highlights flaws in response to cybersecurity breach.

Just when it looked like Equifax was back on top of security, the company goes and points concerned consumers to a scam website that was built to (pretend to) steal their personal data.

Unfortunately, it was Equifax’s own employees that were fooled. The social media and PR teams began tweeting instructions on how customers could find out if their information was stolen and how victims could sign up for free credit monitoring.

Alas, the link tweeted was to a clone site – built by security researcher Nick Sweeting – in order to highlight the flawed response shown by the consumer credit reporting agency following its huge data breach.

Credit rating firm Equifax has apologised after it mistakenly directed some customers to an imposter website via Twitter.

Equifax: A masterclass in how not to handle a data breach.

Massive breach

OK, let’s back up. Equifax built a whole new website to handle the expected flood of frightened, angry citizens whose PII was stolen in a massive data breach that affected at least 143 million US consumers. The company was reportedly urged to simply change the existing website, but no, we can’t have that… that could make the company look bad if their homepage addressed a giant cybersecurity blunder.

Clone website to prove point

In an effort to point out how pointless it was to create a new website to handle consumer complaints, Nick Sweeting built a clone of Equifax’s incident site, moving the word “security” to the front of the domain name. Rather than the company’s legitimate equifaxsecurity2017.com site, Sweeting’s project was called securityequifax2017.com. It’s pretty easy to see how consumers could be fooled, right?

Being the good guy that he is, Sweeting’s very genuine-looking site included branded information and a sign-up box for registrants, but then immediately displayed a pop-up telling them that they had been duped into turning over their information. Equifax began scrambling to get rid of the tweets with the wrong web link, while “I told you so” announcements began pouring in.
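The two domains above contain the same words in a different order, which is something a pre-publication link check can catch. The following is an added example, not code from the original article or from Equifax: it classifies links in a draft post against an allowlist, and the hand-maintained word split, the 0.85 similarity threshold and the naive last-two-labels domain parsing are all assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Official host from the article; its word split is maintained by hand (assumption).
OFFICIAL = {"equifaxsecurity2017.com": ("equifax", "security", "2017")}
THRESHOLD = 0.85  # assumed cut-off for near-miss spellings


def host_of(url):
    """Lower-cased host of a URL, tolerating a missing scheme and a www. prefix."""
    if "//" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def segment(label, vocab):
    """Split label into vocab words, longest match first; None if it does not fit."""
    words = []
    while label:
        word = next((w for w in sorted(vocab, key=len, reverse=True)
                     if label.startswith(w)), None)
        if word is None:
            return None
        words.append(word)
        label = label[len(word):]
    return words


def classify(url):
    """Return 'official', 'lookalike-same-words', 'lookalike-similar' or 'unrelated'."""
    host = host_of(url)
    if host in OFFICIAL:
        return "official"
    # Naive registrable label: second-to-last dot-separated part (no public suffix list).
    label = host.split(".")[-2] if "." in host else host
    for official, words in OFFICIAL.items():
        if sorted(segment(label, words) or []) == sorted(words):
            return "lookalike-same-words"  # same words, other order or other TLD
        if SequenceMatcher(None, label, official.split(".")[0]).ratio() >= THRESHOLD:
            return "lookalike-similar"     # near-miss spelling of the official label
    return "unrelated"


def review_post(text):
    """Return (link, verdict) for every link in a draft post that is not official."""
    urls = re.findall(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?", text)
    verdicts = [(u, classify(u)) for u in urls]
    return [(u, v) for u, v in verdicts if v != "official"]
```

An empty list from `review_post` means every link in the draft resolves to an allowlisted host; anything else should block publication until a person has checked it.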

Equifax CEO says so long

With an incident that included one mistake after another after another – including playing fast and loose with Americans’ permanent sensitive information and three executives who sold about $2 million of their own stock in Equifax after the breach was discovered but before it was announced – Equifax’s CEO, Richard Smith, has stepped down. That doesn’t let the company or the interim CEO off the hook, though. The Identity Theft Resource Center has spearheaded an online petition called “Free From All 3” to demand that all three credit reporting agencies, which include Equifax, Experian, and TransUnion, be required to provide free credit freezes to all Americans who request them due to this data breach. The petition currently has more than 140,000 signatures, and does not mince words when it comes to the culpability of agencies who have tasked themselves with gathering and storing consumers’ data.
