Equifax in its disclosure was not particularly forthcoming about how the attackers got into its systems. There's considerable speculation online that the hackers exploited a patchable but unpatched flaw in Equifax's website. The company says it noticed the breach on July 29th, and that it's called in a security company (FireEye's Mandiant unit) to help with remediation.