Select Page

Equifax, caught in hot water this past week, have had a series of flabbergasting revelations from being hacked months before the massive breach and allegedly been pointing people to a fishing site.

The news reports that the company’s computer systems have had the hacking manifesto as its burden as early as March this year, pointing the same crew as the culprit for the incident of “The Hack.”

Affecting 143 million Americans and stealing approximately 400,000 pieces of confidential information, the Equifax hack was a perfectly executed “hacktivity,” which started in an unnoticeable intrusion to its database.

Bloomberg notes that “three people familiar with the situation”  snitched about the stealthy tactic. One of them told the publication that “the breaches involve the same intruders.” And it’s not like Equifax didn’t know about it at the time. As Bloomberg reports, the company hired a cybersecurity firm to investigate the March breach.

But wait, it gets worse.

“Potentially, the same hackers may have been able to return to Equifax’s systems to pilfer massive amounts of information is especially baffling considering the vulnerability the hackers reportedly used known to exist last March,” according to Bloomberg.

Authorities speculate that the Equifax breach is connected somehow to the Apache Struts vulnerability which also proliferated last March. Equifax could’ve forestalled this illegal intrusion before September 7th, when all of their information went under siege.

To add salt to the wound, Equifax has been inadvertently propagating its own, homegrown fraudulence.

Equifax unknowingly directed people to a phony, copycat version of their hacking help page. Here, people filled in their information thinking it this disguised site help page belonged to Equifax for weeks!

Fortunately for Equifax, this move was spearheaded by Nick Sweeting- a software developer who initiated this knockoff to help the public understand about the perils of phishing. This page is a dummy catch basin, and even Equifax did not notice it, stating that they are not vigilant enough and are downright negligent about their security measures.

Sweeting wrote to Fortune in a direct message on Twitter, “As it stands, their site is dangerously easy to impersonate, it only took me 20 minutes to build my clone.”  “I can guarantee there are real malicious phishing versions already out there,” Sweeting added.

“I just hope the employee who posted the tweet doesn’t get fired, they probably just Googled for the URL and ended up finding the fake one instead,” Sweeting said.

These revelations surely demonstrate the quagmire that Equifax executives who sold approximately $2 million of their stock before the media caught wind of the breach. The Senate Finance Committee is now putting this matter under scrutiny.