Dear Valued Equifax Member,
At Equifax, data security and ensuring the integrity of that data is paramount to us. As part of our comprehensive, multi-layered protection protocol, we continually review our enterprise systems and make any necessary updates to ensure our web sites and applications are safe for business and consumer users. Equifax undertakes internal and external vulnerability scans as part of its regular business processes, and as part of its ongoing commitment to the implementation and operation of security best practices.
Recently, the Equifax team was made aware of the SSLv3 “POODLE” (Padding Oracle On Downgraded Legacy Encryption) issue. Our Security and IT Teams have evaluated the threat and potential impact to our environment and we are progressing with changes to disable SSLv3 from affected platforms. As a result of our testing Equifax Canada will disable SSLv3 connections across all applications and platforms starting November 21st, 2014 and completing on December 5, 2014.
SSLv3 is primarily utilized by legacy internet web browsers such as Internet Explorer 6. To ensure you are not impacted by this change, please ensure modern browsers and clients are in use and support the TLS encryption protocols. Additional information and TLS supported browsers can be found at the below URL:
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
2.6.3 Rule - Only Support Strong Protocols
Please be aware that the Equifax security team will remain diligent in its monitoring for this potential threat and we will update you of any significant developments.
Sincerely,
Equifax Canada Co.