The Equifax data breach was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident. Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a critical vulnerability on time. The flaw was a remote code execution bug in the Jakarta Multipart Pars Pars Parser of the Java programming language that could allow an attacker to execute malicious commands on the server when uploading files based on the parser.
Source: https://thehackernews.com/2017/09/equifax-apache-struts.html