There is some debate as to which Struts exploit was used. If it was the one from Sept, 2017 then you make a valid argument. However, if the exploit used was years old then the fault clearly lies on Equifax for not keeping their servers up to date.
Also, didn't the Equifax breach happen in May, 2017? If so, I fail to see how the Sept, 2017 exploit plays into this unless it was in the wild months before it was published in Sept, 2017 - which I find hard to believe.
Also, didn't the Equifax breach happen in May, 2017? If so, I fail to see how the Sept, 2017 exploit plays into this unless it was in the wild months before it was published in Sept, 2017 - which I find hard to believe.