Equifax Has a Stunningly Bad Web App for Signing Up for TrustedID

After Equifax finally revealed that they had been breached and personal credit information (and credit card numbers) on as many as 143 million Americans had been stolen, they created EquifaxSecurity2017.com for information and enrollment which, as it turns out, should have been named EquifaxINSECURITY.com.

Why? It’s because of trying to sign up and having their web application for TrustedID not come up, return an error, and then finally display after two minutes without a theme! As you will see from the screenshots below, someone like me with A LOT of cyber security knowledge is concerned, even though I did verify that their certificates were valid but my Equifax trust level is very, very low.

View five screenshots of why this failed and why even me, someone with the skills to determine if this is a real app loading from Equifax, don’t trust it:

I receive this activation email eight hours ago, verify the link is valid, and click on it to open my default web browser (Chrome).

The site looks real. The SSL certificate is real. So I take a chance and enter my birthdate.
First I get an error “Unable to connect” which, I assume, is their server-based application not loading but it keeps trying FOR OVER TWO MINUTES. WTF?
After about 1.5 minutes this comes up. No theme, just the barebones web application for TrustedID. There is absolutely NO way I would EVER enter my SS number and other critical information within this app.
Then I open up another browser but of course, the token in the email link no longer works and TrustedID assumes I successfully sign up (sigh…).
Who is running this Equifax shit-show? You would think after two key C-level executives resigned that someone in the organization would step-up their game, scale their servers, and ensure that these sorts of sign-ups actually work!

So I guess I’ll do what they say and “If you have any questions, please contact our call center at 877-742-1415.”