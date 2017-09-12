Getty Images

Equifax's hack headache appears to be getting worse.

A site Equifax set up to help worried consumers create alerts and freeze accounts after the credit-monitoring firm revealed a massive data breach is also vulnerable to hack, ZDNet reported Monday. The latest reportedly vulnerability comes as the company grapples with the aftershocks of a massive hack that exposed sensitive financial information for as many as 143 million Americans.

A cross-site scripting vulnerability at the site allows hackers to spoof the site via a malicious link, allowing any personal information submitted by visitors to be siphoned off, the CNET sister site reported. Because the malicious code is included in Equifax's web address, the browser thinks the site is still secure and displays the "lock" icon in the browser window, ZDNet reported.

The alleged vulnerability is the latest to dog the company, which revealed Thursday that hackers made off with a treasure trove of financial data from as many as 143 million people in the US, including names, Social Security numbers, birth dates and addresses of customers. Equifax learned about the breach on July 29 but didn't reveal it for more than a month.

Earlier Monday, a pair of prominent US senators sent Equifax CEO Rick Smith a list of detailed questions about the hack, such as what the timeline for the security breach was and when the company became aware of it. Sen. Orrin Hatch, chair of the senate Finance Committee, and ranking committee member Ron Wyden also asked for information about when authorities and board members were informed of the hack, including three executives who sold shares in the days after the hack was discovered.

Equifax didn't immediately respond to a request for comment.

