This is not actually true. The right to withdraw consent, the right to object and the right to be forgotten are all different. In the first and second case, the company has to stop processing the data, but they don't have to remove it. In the last case, they actually have to remove the data. The removal of data has a caveat that the company doesn't have to do it if it would be onerous (but what that means is left up in the air... so we'll have to see some judgements before we know exactly what it means).

In the case of Equifax, they are a third-party processor. Under GDPR, you would have to be informed if the processing was necessary under contract basis. Once the contract is finished, you can request that your data is removed and the original processor must inform all third party processors. So Equifax would be required to remove the data. For legitimate interest or consent basis, you can ask to be removed at any time. You don't have the right to be removed wrt data collected for regulatory reasons.

I think the key here is that Equifax (being a third party processor) does not have to respond to you if you say "Please remove all of my data". I think you have to go to the original processor (which sucks, because you have to track down how they got your information). I may be wrong about that, though (the company I work for doesn't collect 3rd party info, so I didn't pay much attention to that part of the law).