While Equifax continues to deal with the fallout of the massive data breach it announced in September, a security expert is raising fears that the consumer credit rating agency might have another security problem on its hands.
A malicious pop-up asked Abrams to download something claiming to be Adobe Flash. Equifax says it took the page down "out of an abundance of caution" as it investigates.
The consumer credit reporting company said its security teams are looking into another possible breach barely one month after it disclosed a hack that left exposed the personal information of 145.5 million people.
Since news of Equifax's massive data breach broke last month, the company is facing investigations in Canada and the US, as well as at least two proposed class actions filed in Canada.
The adware appeared on a part of the Equifax website where people can learn how to get a free or discounted credit report. Numerous federal agencies and state attorneys general have opened investigations. As of Thursday afternoon, that website is no longer available. "We are working diligently to better serve you, and apologize for any inconvenience this may cause".
Abrams says he was able to duplicate the pop-up four or five times, but that Equifax itself was likely not hacked.
The breach was first noticed by Randy Abrams, an independent security analyst that had been visiting the site to flag fraudulent activity on his credit report.
"Despite early media reports, Equifax can confirm that its systems were not compromised", Marisa Salcines, a spokeswoman for the company, said in a statement.