Why would they send you to a http at all if they already have https. This just seems like complete incompetence. It’s not like they have an excuse like their ad networks don’t work with https.
I know of companies with typos in their links that they email. These typos lead to scam sites. I've contacted them and they haven't yet fixed it. There needs to be a serious re-evaluation of the costs associated with failing such basic security measures like using https and just making sure you send people the correct link. Right now it isn't even a slap on the wrist.
But there are protections against this, such as HSTS. I would expect someone with as much sensitive information as Equifax to have HSTS + HPKP pinned into the major browsers. Their server should never even receive an HTTP request. It's just unrivaled incompetence.
Normally, people in marketing don’t write URLs by hand. They copy them and check that they look nice or have a generator make them for them.
So, how did they copy an http url instead of https because they website should have redirected them to https before processing the request (and I just hope that their internal network isn’t compromised).