MILWAUKEE, Wis.–The Equifax breach hasn’t just demonstrated security weaknesses in the U.S.; the company is also vulnerable in other countries, according to one cybersecurity firm that found a password weakness that has also been found at some credit unions.
According to Hold Security, it was able to uncover personal employee information housed on Equifax's South American site, including names, emails, and Social Security equivalents of over 100 individuals. How easy was it for researchers to acquire administrative access? As easy as using the same user name and password: “admin.” Credit union tech vendors have in the past told CUToday.info they have found CUs that never changed the initial “admin” user name/password on their systems.
Once inside Equifax’s system, Hold Security said quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers.
Equifax promptly shut down the website after the research was made public by a security blogger named Brian Krebs, according to CNBC.
In a statement to CNBC, Equifax said, “We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions."