Not content with falling victim to one of the worst data breaches in history, leading credit rating firm Equifax has been sending its anxious customers to a fake website to check whether or not they have been compromised.
Fortunately for all concerned, the site’s developer had no evil intentions, but rather wanted to highlight the phishing risk posed by copy-cat sites. Developer Nick Sweeting wanted to draw attention to the hazards of setting up separate websites – outside of the usual company domain – that encourage users to disclose personal details, leaving them vulnerable to phishing scams.
To be clear, Equifax did in fact set up a website to allow its customers to check whether their data has been stolen. However, for a sustained period of time its Twitter account was directing users to Sweeting’s bogus site – which has a similar URL.
This latest security failure comes on top of the initial breach that affected 143m of its US clientele as well as thousands of UK customers. Since the disclosure, the company has taken considerable flak for its inadequate security, late confession and the subsequent unethical disposal of shares by three senior staff members. Perhaps unsurprisingly, numerous lawsuits have been filed and the authorities are baying for blood, with several senior employees already resigning.
A good lesson on how not to deal with a cyber disaster.