Given the nature of the breach, I find this extremely hard to believe and, even so, less likely to place blame anywhere but in the organization as a whole for not putting processes in place to prevent it.
https://www.nytimes.com/2017/10/03/business/equifax-congress-data-breach.html