U.K. Information Commissioner’s Office issued a monetary penalty notice against Equifax last week. Equifax created a “GCS dataset” – for Global Consumer Services – that attackers compromised. The company stored plaintext copies of users’ passwords in a plaintext file, when its own cryptographic standards stated that passwords should only be stored in encrypted, hashed, masked, tokenized or other approved formats. Many consumers would never have known that the company was acquiring, selling or storing their personal details.”]
Source: https://www.govinfosecurity.com/blogs/was-equifax-so-stupid-about-passwords-p-2666

