Hackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company did not update its systems. UK division of the credit reference agency has revealed that 400,000 UK people were affected due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016. The information was restricted to: Name, date of birth, email address and a telephone number, and Equifax can confirm that the data does not include any residential address information, password information.”]
Source: http://securityaffairs.co/wordpress/63109/data-breach/equifax-data-breach-britons.html