This Wall Street Journal report gives more details on how the Equifax hack happened — more for me, at least.
The report also includes this statement suggesting that Equifax's security is not so great:
Alex Holden, chief information security officer of identity-theft monitoring company Hold Security LLC, says Equifax has long been considered a target for identity thieves. Last week, Hold said it discovered it was possible to access an Equifax-operated employee portal in Argentina by using the easily guessed username and password combination “admin/admin.”
And then there's this passage quoting a speech given just last month by Equifax CEO Richard Smith:
Equifax began as a local firm that gathered and published information about the paying habits of retail store customers. It grew by buying rivals and became a nationwide company. When Mr. Smith, a General Electric Co. veteran, became CEO in 2005, Equifax was a staid company centered on the collection of credit data, according to comments he made last month at a University of Georgia event.Mr. Smith changed that. Equifax branched out to become a larger data provider, purchasing companies that had information about consumers’ bill-paying habits and salary information for employees at large companies. Equifax is now a “world-class, state-of-the-art” technology and data-analysis company, he said at the event last month. Every day, Equifax manages 1,200 times as much data as is in the Library of Congress, he added. “It’s been a fun journey, a journey that we’re all very, very proud of.”