In 2017, Equifax reported a security breach in which more than 140 million customers’ personal information was compromised, including Social Security numbers, credit card numbers, and addresses. The vulnerability was found not in the code that Equifax had written but in one of its open source dependencies, Apache Struts. The security vulnerability had been disclosed with a CVE ID several months before, and a patch had been released, but Equifax’s developers failed to update the company’s software in time.
