Hackers exploited a vulnerability in Equifax's website to gain access to sensitive personal and financial information for over 147 million Americans. Factors that contributed to the breach included Equifax's failure to patch a known vulnerability for over two months, lack of adequate security monitoring and procedures, and storing personal data in an unencrypted format.