What we seem to know is that the cyber-attack against Equifax arose from the exploit of a Known Vulnerability, which Equifax failed to patch. The patch was released on March 8. The cyber-attack continued undetected and unimpeded for months, until discovered at the end of July. Then, for murky reasons, Equifax did nothing until September 7, when it notified authorities and the public of the massive data breach. The CEO has been forced out. The head of IT is gone. And so, too, other executives. In the media and before Congress, Equifax has floated several justifications.