Equifax has linked to an impostor website on its Twitter account multiple times since Sept. 9, according to CNN.
The impostor website referenced a recent cybersecurity incident at Equifax that affected 143 million consumers.
The Atlanta-based consumer credit reporting agency discovered July 29 cybercriminals gained access to its files through a website application vulnerability, potentially exposing customer financial data including names, Social Security numbers and dates of birth, among other information.
Equifax addressed customer service inquiries and complaints about the incident through its Twitter account. However, in replies to customers seeking more information, it accidentally linked some tweets to securityequifax2017.com. The company's real response website is equifaxsecurity2017.com.
Nick Sweeting, a software engineer, created the impostor website within hours of the initial breach to illustrate how easy it is to impersonate the company's website. He told CNN his goal is to encourage Equifax to move the response website to the company's more secure domain.
Equifax did not respond to CNN's request for comment. The company's tweets linking to the impostor website have since been deleted.