They should be sued out of existence.
I'll get to that later, what's the worst that could happen?
How in the hell can these major corporations be that lax on Information Assurance? Hell most of its automated now a days. If this crappy company doesn't sink. I'm going to allow them to pay me to patch there scuzzy network.
The Equifax breach is less revealing than the Homeland Security breach of last year & they faced no lawsuits. Homeland just sent letters telling all the gov employees & contractors that they had no recourse. If fools are guarding the data, there is no security.
The issue was surely raised within Equifax when the vulnerability was first disclosed. It is likely that expedited patching was proposed, and subsequently shot down, as being too risky to production. Happens all the time in big corps.
Who will take the fall? The little guys who couldn't patch because management wouldn't let them. Welcome to IT in the corporate world.
Big companies are terrified to release to production. And this is the result.