Equifax claims it learned about the breach at the end of July. It took around six weeks to disclose it. Instead, it announced the sudden retirement of its CEO. The company directed potential victims to a new domain equifaxsecurity2017.com which was bug-ridden and flagged by some browsers as a phishing threat. The attackers gained access to the Equifax system by exploiting a vulnerability in the Apache Struts web-application, which is widely used in the enterprise. The thing is, that bug had been disclosed back in March and a patch was available.”]