I smell a class action lawsuit!
Equifax Confirms Apache Struts Flaw Used in Hack
… the breach was possible due to the company’s failure to patch a critical vulnerability in more than two months after its disclosure. Following the incident, others started highlighting holes in Equifax’s cyber security, including unpatched cross-site scripting (XSS) vulnerabilities reported to the company more than one year ago, and the lack of many basic protections.
http://www.securityweek.com/equifax-confirms-apache-struts-flaw-used-hack