The credit bureau's leakage and widely reported missteps in its assessment tool could proffer a cautionary tale for other organizations.

Most cybersecurity experts now agree that organizations should be planning incident response strategies for when, not if, their companies experience data breaches.

Credit reporting agency Equifax learned this lesson the hard way when it was hit by a cyberattack that exposed addresses, Social Security numbers and financial information for 134 million customers. Equifax is the latest in a line of breaches at large companies, following major incidents at Wells Fargo and Yahoo, among others, in the last year.