Equifax says it knows what caused the data breach that put 143 million Americans' personal information at risk.
And it looks like the company could have saved itself a lot of trouble if it just kept its systems updated.
The company confirmed Thursday that hackers exploited weaknesses in software made by the open-source Apache Software Foundation; specifically, the Apache Struts web framework. But Apache says it's not at fault — it fixed the flaw months before the hack.
Apache issued a patch to fix the vulnerability on March 7. Equifax says the breach occurred in mid-May.
Thursday, Apache released a statement on its website, saying, "The Equifax data compromise was due to their failure to install the security updates provided in a timely manner."
Now, the company's problems are mounting.
The Federal Trade Commission announced Thursday it's investigating the breach. Multiple states, as well as the FBI, have also reportedly opened investigations.
And Senate Minority Leader Chuck Schumer demanded Equifax's leadership testify before the Senate and enact a slew of consumer protection measures, or else step down. Equifax's CEO is already set to testify before the House on Oct. 3.
And Equifax stock has taken a hit, too — most likely due to a loss of public trust.