Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too
https://www.theregister.co.uk/2017/09/20/equifax_vulnerability_could_be_widespread/
Thousands of companies may be susceptible to the same type of hack that recently struck Equifax.
The Equifax breach was the result of a vulnerable Apache Struts component. Software automation vendor Sonatype warns that 3,054 organisations downloaded the same Struts2 component exploited in the Equifax hack in the last 12 months. The affected version of Struts2 was publicly disclosed as vulnerable (CVE-2017-5638) on March 10, and was subsequently exploited at Equifax between May and late July, when the attack was finally detected.