Equifax failed to install important security patch
The glitch was part of a common cybersecurity software program called Apache. A nonprofit security firm identified the vulnerability and published a fix that closed the loophole.
Experts told USA Today that major financial institutions that use the software should have installed the patch within a matter of days after it was publicized in March.
The Equifax hack, which exploited the vulnerability, did not happen until May.
"They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days," said Pravin Kothari, CEO of CipherCloud, a cloud security company. ■