Equifax said on Thursday it had withdrawn a website and began investigating a possible cyber attack weeks after discovering a violation of personal data at the credit bureau that affected some 145 million people.
The company, whose disclosure last month triggered a protest and an investigation by the US Congress, issued a statement following a new report alleging that a virus was installed on one of the websites of the credit information agency.
The news site Ars Technica, which cites an independent security analyst, reports that visitors to the Equifax site had been misled by downloading an adware, a program that, when installed, drops unsolicited marketing messages.
Through a statement to media, the company added that “it can confirm that their systems were not compromised and that the reported inconvenience did not affect our online claims portal.”
“This inconvenience involves an outside vendor that it contracts to collect information on the performance of its website and the code provided by the latter running on the Equifax website contained malicious content. Since we learned of this inconvenience, the provider code was removed from the website and it was disabled for a more comprehensive analysis, “said Equifax.