Equifax said hackers used an Apache Struts security bug to breach its servers and steal data on over 143 million customers. Equifax did not reveal the exact date when the security breach occurred, but only when it became aware of it July 29, 2017. The breach’s actual date will be the key point that will determine responsibility in the tens of class-action lawsuits filed in the last week. It is unclear if Equifax was breached before the Struts zero-day became public, or months after Apache made a patch available.
Source: https://www.bleepingcomputer.com/news/security/equifax-confirms-hackers-used-apache-struts-vulnerability-to-breach-its-servers/