Equifax has taken part of its website offline after a security analyst reported a malicious link on the site redirected him to a third-party site that encouraged him to download malware.
Security analyst Randy Abrams said he encountered the malicious link when downloading his credit report.
A link on the Equifax site now directs users to an announcement that the page is down for maintenance.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline,” Equifax said in a statement. “When it becomes available or we have more information to share, we will.”
Shares dropped as much as 3.5% Thursday.
“This incident is yet another unfortunate example of how easy it is to compromise a website,” Chris Olson, CEO of The Media Trust said in an emailed statement.
The potential hack, first reported by Ars Technica, spells more trouble for Equifax, which a month ago disclosed that a massive data breach exposed the Social Security numbers and birthdates of as many as 145.5 million Americans.