Equifax, the credit monitoring company, is in trouble again, just a few days after revealing that hackers compromised its personal and financial data stores, affecting nearly all of the company's 143 million customers which is 40% of Americans.
In response, Equifax set up a site where potential victims could use several digits of their social security number and their birth date to find out whether they were one of the affected individuals, EquifaxSecurity2017.com. That site, though, wasn't part of Equifax's corporate website, and users risked giving information to a third party, just by visiting the "safety check" page.
Matters became more complicated on Monday when Equifax's Twitter account tweeted out the wrong safety page link, sending customers to SecurityEquifax2017.com, a faux version of the Equifax site that looks identical in every way to the original site, except that it has no authority to collect any sensitive customer information.
Programmer Nick Sweetling created SecurityEquifax2017.com as a test to see if users leaving Equifax's site would give their information to an untrusted third-party site, and to prove how reckless Equifax was being in response to the hacking incident.
Sweetling didn't anticipate that Equifax itself would tweet out the site. But they did. Three times. Each time sending customers to a site that had no official connection to Equifax's security protocol.
Once they figured out their mistake, Equifax deleted their tweets, but not before the fake site's URL went out to thousands of Equifax's followers, and three people who tweeted questions at Equifax, specifically.
This is the third time in the wake of Equifax's hacking scandal that the company has been forced to defend its "clean up." Besides the error tweets, customers have complained of unfriendly service agents who direct them back to the EquifaxSecurity2017 website only, and immediately following the attack, lawyers became concerned that users who failed to read the fine print on Equifax's security check sites were signing away their right to sue the company later.