The 2017 data breach at Equifax was possible because the company did not act to resolve a flaw in the open source Apache Struts framework.