The credit monitoring company gave out the wrong website address.
Equifax, the credit monitoring company, is in trouble again, just a few days after revealing that hackers compromised its personal and financial data stores, affecting nearly all of the company’s 143 million customers, 40% of Americans.
In response, Equifax set up a site, EquifaxSecurity2017.com, where potential victims could use several digits of their social security number and their birth date to find out whether they were among the affected individuals. That site, though, wasn’t part of Equifax’s corporate website, and users risked giving information to a third party just by visiting the “safety check” page.
Matters became more complicated on Monday, when Equifax’s Twitter account Tweeted out the wrong safety page link, sending customers to SecurityEquifax2017.com, a faux version of the Equifax site that looks identical, in every way, to the original site, except that it has no authority to collect any sensitive customer information.
Programmer Nick Sweetling created SecurityEquifax2017.com as a test, to see if users leaving Equifax’s site would give their information to an untrusted third-party site, and to prove how reckless Equifax was being in response to the hacking incident.
Sweetling didn’t anticipate that Equifax itself would Tweet out the site. But they did. Three times. Each time sending customers to a site that had no official connection to Equifax’s security protocol.