Equifax mega-leak: Security wonks smack firm over breach notification plan

Equifax had weeks to prepare for its breach notification, so its decision to do so via a basic Wordpress site (oh, err) using a free shared CloudFlare SSL cert is somewhat puzzling. “For some reason Equifax used the 6 weeks to set up a new domain asking for SSN numbers, with anonymous Whois on Cloudflare,” said security consultant Kevin Beaumont.

The whole approach already seems to have gone awry, with OpenDNS flagging up the site as a potential phishing locale in an apparent false positive.