Equifax’s Mega-Breach Was Made Possible by a Website Flaw It Could Have Fixed

Good website security is tough, but the consequences of bad website security can be far tougher. That appears to be one of the big lessons coming out the debacle surrounding Equifax’s mega-breach, which has “humbled” the credit-reporting giant.

On Wednesday, Equifax gave an update on its investigations of the breach, explaining that it had identified the culprit—a vulnerability on part of its U.S. website, specifically a flaw in the open-source Apache Struts framework it used to build its web applications.