Equifax has become a giant dumpster fire

The credit reporting agency has yet another security blunder on its hands.

It's not been a week since Equifax revealed the details of 143 million American consumers had been compromised in a data breach, and the dumpster fire continues.

The credit reporting agency, which holds some of your most precious personal data (despite never having gained your consent to hold this information) has stumbled from shambolic mess to shambolic mess since disclosing the breach last Friday.

This latest revelation might just take the cake, however, with cybersecurity expert Brian Krebs revealing on his blog a rather gigantic security flaw in Equifax's Argentinian operations.

A Wisconsin-based security firm examining Equifax's South American operations found an online portal designed for use by employees in Argentina, which could be accessed in the following way:

Username: admin

Password: admin

Krebs, who revealed the 2013 Target data breach, says that using this password, hackers could eventually gain access to the personal details of some 14,000 people who made complaints to Equifax – including the Argentinian equivalent of their social security number.

Now this doesn't affect American consumers in any way, but it serves to highlight the astonishing ease with which Equifax, which holds highly sensitive information including SSNs, credit card numbers, names and addresses, could be compromised.

Equifax told Cnet that it had learned of a "potential vulnerability in an internal portal in Argentina" and acted immediately to "remediate the situation," saying there's no evidence consumers or customers were affected.

It's been a bad week for Equifax

As Cnet explains, Equifax has seriously fumbled the response to its American hack, first by failing to disclose it for six weeks, and then by creating a tool to check whether you've been affected by the breach that produced seemingly random results.

It then encouraged people to sign up for a free year of its TrustedID protection service, which featured small print that very much made it seem like anyone who signed up would be waiving their right to sue Equifax for the data breach.

Equifax eventually clarified this week that nobody who joins it is signing away any rights to legal action.

And finally, in the wake of the breach, consumers concerned about their identities being stolen were encouraged to freeze or set up fraud alerts on their credit reports held by Equifax, Experian and TransUnion.

But ZDNet reports that Equifax's own fraud alert page is also vulnerable to hacking, with security experts noting it can be easily "spoofed" to allow hackers to siphon off even more personal information.

Like we said, dumpster fire.

The FTC has just released new guidance on whether you should get a credit freeze or fraud alert in the wake of the Equifax breach, which you can find here.

Next Up

Derek Chauvin

Watch live: Verdict in Derek Chauvin murder trial

The verdict will be announced between 3:30 p.m. and 4 p.m. Tuesday, April 20.

derek chauvin trial

LIVE UPDATES: The Derek Chauvin verdict and reaction

We bring you the latest reaction after the verdict in the Derek Chauvin trial.

derek chauvin court - closing arguments

Verdict reached in Derek Chauvin murder trial

A verdict will be read Tuesday afternoon.

logan olson gofundme

18-month-old boy who nearly drowned welcomed home with police escort

Logan Olson was found in a retention pond in Stewartville on April 7.

covid, vaccine

Is Minnesota's latest surge plateauing? Expert says 'no idea'

Hospital admissions have leveled off in the past week, though ICU cases have risen.

U of M police

U of M alert: Man followed victim from bus, tried to break into apartment

The suspect followed a man off a bus and tried to get into his apartment.

24436 Old Hwy 13 Blvd, New Prague, Minnesota

New Prague bar that disregarded shutdown order settles lawsuit

The bar was cited for several violations late last year.

Cole Leon Venables - edit

Charges: Impaired pizza delivery driver fatally hit woman in Hopkins

The woman who was killed was walking down the sidewalk when she was hit and killed.


Is Equifax going to get away with compromising all our data?

The investigation into the credit-monitoring agency is being scaled back.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

Equifax may have had another cyber attack

Come on now, this is getting ridiculous.

The Tip Jar: Should you accept Equifax's free credit lock offer?

A credit freeze or a fraud alert looks like a better bet.

Monopoly man crashes ex-Equifax CEO's Senate hearing

Rich Uncle Moneybags was in da house ... erm, senate.

Things somehow keep getting worse for Equifax

The credit agency had been hacked in March, in a separate breach.

Social security numbers stolen from Equifax, and you're probably affected

The huge data breach was discovered in July and confirmed on Thursday.