Equifax's stock plunged at the news of the latest breach, a Wall Street Journal reporter noted on Twitter.
"We are aware of the situation identified on the equifax.com website", an Equifax spokesman said in a statement.
Equifax said that, out of an abundance of caution, the Atlanta company has taken the affected page offline, and it's looking into the matter.
Already in the midst of the worst year ever for a credit-reporting agency, Equifax said Thursday that it was the victim of another cyberattack, this time involving a fake Flash downloader that greeted some people on its website.
It's been a couple of months since Equifax reported that the company was hit with a hack that exposed the personal data of 145 million users in the U.S. Now, a the company has taken down a customer help website over another potential hack.
For these Canadian consumers, Equifax says the information that may have been accessed includes name, address, social insurance number and, in "limited cases" credit card numbers.
Still, while the company claims that its own servers weren't hacked, it's unclear if any visitors were nevertheless compromised because of code that it appeared on its site. The United States Computer Readiness team detected and disclosed the vulnerability in March, and Equifax "took efforts to identify and to patch any vulnerable systems in the company's IT infrastructure". As Ars Technica reports, the issue was brought to light by security analyst Randy Abrams, who discovered that the site's redirects eventually pushed a download that has been flagged for both adware and malware.
- With files from The Associated Press.