Last month, Equifax disclosed that it had sensitive information from 145.5 million people compromised, leading to multiple investigations and a Justice Department probe. To serve the adware up to visitors, the hackers appear to have redirected them from Equifax's site to shady web pages that host the malicious software.
The security analyst, identified as Randy Abrams, accessed Equifax's website to report some false information on his credit report, according to Ars Technica.
Once clicked, the phony Flash reportedly downloads adware onto the user's computer that fills their internet browser with ads.
Anyone impacted by the breach is now at risk of identity theft and fraud - as any piece of this personal information can be used by, or sold to, criminals who can use it to open credit cards, take out loans, make purchases in your name - or even drain your bank accounts.
Equifax shares dropped as much as 3.5 percent Thursday after it said it has disabled one of its customer help online pages and is investigating another possible cyberbreach.
Equifax - whose multimillionaire CEO made a decision to set sail from the company weeks after the announcement that, under his watch, the information of 143 million Americans was obtained by hackers - was sending visitors of its website to the completely bogus software update.
A number of executives have left the company since then, including CEO Richard Smith.
Trump says likely to sign new healthcare order this week
If a business has enough employees that require expensive health care, premiums for everyone in that workplace could be jacked up. White House officials said over time , the policies flowing from the president's order will give consumers more options.