Moody's has cut its rating outlook for Equifax in consideration of a disastrous security breach which led to the theft of over 146 million user records. The Apache Struts Project Management Committee said at the time the attackers behind the breach "either used an earlier announced vulnerability on an unpatched Equifax server or exploited a vulnerability not known at this point in time." Equifax revealed an unpatched system was at fault, despite the bug's disclosure and a patch being made available two months before the data breach occurred. However, the cost to Equifax is far more substantial, with Q1 2019 earnings also revealing $786.8 million in general costs due to the data breach, $82.8 million in data security costs, $12.5 million in legal fees, and $1.5 million in product liability charges, as noted by IT Pro. The consequences of a major security incident or data breach can now have a long-term financial impact for a victim company and so the responsibility now lies on corporations to strengthen their security practices as much as possible to mitigate the risk of attack -- as well as reduce the risk to investors.