Equifax on Thursday apologized on behalf of some of its support staff who sent consumers worried about a massive data breach to a fake website.
Earlier this month, the credit monitoring company announced it was the victim of a cyberattack and that the sensitive personal information of 143 million people was likely stolen by hackers. The company set up a website, equifaxsecurity2017.com, to help consumers understand the situation and sign up for credit monitoring.
However, staff operating Equifax's Twitter account sent concerned consumers to another website with a similar name-securityequifax2017.com. The data breach was announced on September 7 and Equifax's Twitter account began directing people to the bogus website as early as September 9. The tweets were later deleted.
The fake website was set up by cybersecurity analyst Nick Sweeting to criticize the company's decision to create a support website outside of its Equifax.com domain. Sweeting thought that hackers could easily set up copycat websites with similar web addresses in order to gather the personal data of confused consumers. Securityequifax2017.com, which has since been removed, looked similar to the official website but was very critical of the company.
Equifax's Twitter account linked to Sweeting's site at least eight times, Sweeting said on Twitter.
The company's apparent gullibility has added fuel to consumer anger about how it has handled the hacking, which was discovered in late July but not announced until more than five weeks later.
"All posts using the wrong link have been taken down," Equifax said in a statement. "We apologize for the confusion. Consumers should be aware of fake websites purporting to be operated by Equifax."
Also on Thursday, the Senate Committee on Banking, Housing and Urban Affairs announced it will host Equifax CEO Richard Smith at a hearing on October 4, regarding the hack.
