Equifax said Wednesday a months-old but apparently unpatched web server vulnerability allowed the massive data breach that exposed the personal financial information for roughly half the US population.
Equifax said it identified Apache Struts CVE-2017-5638, a flaw that was first identified on March 6, as the hack’s gateway. The company located the problem with the help of an unidentified cybersecurity firm. Patches for the vulnerability were made available less than a week later.
It wasn’t immediately clear why the flaw still existed on Equifax’s servers in mid-May when the massive,…