Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts – a web application development framework – in a timely manner.
The company updated its breach notification on Wednesday, confirming security watchers’ speculations that Struts was involved in the breach, which had been based both on Equifax’s infrastructure as well as the timing of vulnerabilities in – and patches for – Struts that have come to light this year.
