The Equifax breach, as an example, was traced back to some vulnerability in the Apache Struts Website server software. If the corporate experienced mounted the security patch for this vulnerability it could have prevented the problem, but sometimes the application update by itself is compromised, as was the case https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network