The personal information of 143 million Americans might have been compromised in a massive cybersecurity breach at the credit-reporting service Equifax reported earlier this month, and in the intervening days, the company has been heavily criticized for its response to the crisis. The story, though, gets much worse: Equifax has reportedly been linking customers looking to determine if their information was compromised to a phony phishing website, Fortune reports.
The real website can be found at equifaxsecurity2017.com, but a customer service agent who signed tweets as "Tim" linked at least eight people to securityequifax2017.com.
The fake website was built by software developer Nick Sweeting, who wanted to prove how easy it was for scammers to replicate the Equifax website as a means of tricking people into handing over personal information, Fortune reports. Although Sweeting carefully labeled his website as "totally fake," it still worked — too well. "Equifax just linked customers to my fake phishing version of their website by accident," he tweeted.
Equifax has since removed all the incorrect posts and apologized for any confusion.
Sweeting added: "I just hope the employee who posted the tweet[s] doesn't get fired, they probably just Googled for the URL and ended up finding the fake one instead. The real blame lies with the people who originally decided to set the site up badly." Read the full report at Fortune and learn how to protect yourself after the breach here at The Week.
Editor's note: This article has been slightly revised to more specifically explain the nature of Sweeting's website.