A failure to patch a known security hole becomes more believable after hearing about an egregious security hole discovered just this week. Brian Krebs reports on a situation discovered by Hold Security, where Equifax's Argentinian website left administrator access (including databases of consumer's personal information) guarded by the ultra-difficult user/password login combo of admin/admin. It allowed anyone to add or remove employee accounts for the system, as well as see their passwords by simply viewing the source of a webpage, or access the personal data of anyone (including DNI -- their equivalent to a social security number) who had ever disputed a report.

The site was taken offline after Krebs notified Equifax, but the existence of such an easily-accessed security hole is troubling. According to Reuters, over 40 US states have joined a probe against the company, and its CEO is expected to testify before a House of Representatives panel on October 3rd.

Equifax - September 13, 2017