The company, whose disclosure last month sparked an outcry and a congressional investigation, issued a statement after a news report said malware was installed on one of the credit reporting agency’s web pages.
The news site Ars Technica, citing an independent security analyst, reported visitors to the Equifax site were being tricked into downloading an “adware” program which, when installed, delivers unwanted marketing messages.
“We are aware of the situation identified on the equifax.com website,” an Equifax spokesman said in a statement.
“Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”
A short time later, Equifax said the issue related to a third party vendor it uses to monitor web performance.
The vendor’s code running on an Equifax website “was serving malicious content,” according to the updated Equifax statement, which added that the page was taken offline for analysis.
“Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” the company said.
Equifax, which gathers data on consumers for credit inquiries, has blamed a combination of human and technical error for the massive breach — not the largest on record but potentially the most damaging because of the sensitive financial information on consumers it holds in its databases.
Equifax said the attack may also have compromised data on nearly 700,000 Britons.
The breach led to the retirement of Equifax chief executive Richard Smith, who has remained as a consultant to the company during the investigation.
