A self-referential example of poor security.
Given the nature of the Equifax problem with a flawed version of Struts, what they really needed is proper controls limiting how open source software is used.
I’ll bet they didn’t have any controls. Programmers probably downloaded whatever open source libs they wanted, and put them into the applications with no supervision and no record of what they did. That is typical of poorly run shops.