- \n
- It was revealed that three of the firm\u2019s executives, including its CFO, cashed out of stocks and options worth some $2 million in the month between when the company first learned about the hack, and when it was disclosed to the public. A federal prosecutor in Atlanta has opened a criminal investigation into Equifax that will focus both on whether the firm was criminally negligent in failing to patch a hole in its cybersecurity systems, as well as whether the suspect stock sales constitute securities fraud.<\/li>\n
- The company\u2019s head of cyber security was revealed to have no background in computer science or security \u2013 a fact the company tried to hastily cover up by scrubbing her social-media profiles.\u00a0Susan Mauldin,<\/a>\u00a0Equifax\u2019s chief information security officer, has a bachelor\u2019s degree in music composition and a master\u2019s in fine arts from the University of Georgia.<\/li>\n
- Several Congressional committees have asked the company to turn over information relating to the hack as multiple investigations appear to be getting under way. The attorneys general of a handful of states, including Massachusetts and Rhode Island, have joined a probe into the company\u2019s handling of the breach.<\/li>\n
- The company has been hit with dozens of lawsuits from consumers alleging fraud, abuse and negligence.<\/li>\n
- Equifax CEO Rick Smith has been called to testify before a special House panel early next month.<\/li>\n<\/ul>\n<\/blockquote>\n
When Equifax first set up a website to allow consumers to check whether their information was compromised, it carried a waiver stating that by using the service consumers would forfeit the right to sue Equifax. The internet quickly exploded in outrage, and the company quickly clarified that the waiver didn\u2019t apply to this hacking incident, which\u2026sure. Now,\u00a0The Verge<\/a>,\u00a0The New York Times\u00a0<\/a>and a handful of other media outlets are reporting that Equifax accidentally tweeted the link to an imposter website set up by a white-hat hacker hoping to expose gllaring errors that the firm had made in setting up its verification website. This happened not once, but three times. And in at least one instance, the tweet with the phony link was left up for a whole day.<\/strong><\/p>\n
![\"\"](\"http:\/\/www.zerohedge.com\/sites\/default\/files\/images\/user245717\/imageroot\/2017\/09\/18\/2017.09.21equifax_0.JPG\")
<\/a><\/p>\nHere\u2019s\u00a0The Verge:<\/a><\/p>\n
\n
<\/div>\n<\/div>\n\u201cToday, Equifax ended up creating that exact situation on Twitter. In a tweet to a potential victim, the credit bureau linked to securityequifax2017.com, instead of equifaxsecurity2017.com. It was an easy mistake to make, but the result sent the user to a site with no connection to Equifax itself. Equifax deleted the tweet shortly after this article was published, but it remained live for nearly 24 hours.\u201d<\/p><\/blockquote>\n
Luckily for consumers, the fake site wasn\u2019t malicious. Instead, it was set up by developer Nick Sweeting to try and expose the glaring security vulnerabilities that the company had embedded in its recovery website, which it set up as a separate domain, rather than making it a subdomain of Equifax\u2019s main website.<\/p>\n
\n
<\/div>\n<\/div>\n\u201cLuckily, the alternate URL Equifax sent the victim to isn\u2019t malicious. Full-stack developer Nick Sweeting set up the misspelled phishing site in order to expose vulnerabilities that existed in Equifax’s response page.\u00a0\u201cI made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],\u201d\u00a0<\/strong>Sweeting tells The Verge.\u00a0\u201cIt makes it ridiculously easy for scammers to come in and build clones \u2014 they can buy up dozens of domains, and typo-squat to get people to type in their info.\u201d<\/strong><\/p><\/blockquote>\n
Sweeting says no data will leave his page and that he “removed any risk of leaking data via network requests by redirecting them back to the user’s own computer,” so hopefully data entered on his site is relatively safe. Still, Equifax’s team linked out to his page. That isn’t reassuring.\u201d<\/p>\n
\n
Not only did they tweet the wrong link, they tweeted it 3 times. #Equihax<\/a> pic.twitter.com\/T8jrhSfhqw<\/a><\/p>\n
— Nick Sweeting (@thesquashSH) September 20, 2017<\/a><\/p><\/blockquote>\n