“U.S. authorities have indicted four members of the Chinese military on charges of hacking the credit-reporting agency Equifax, stealing the sensitive personal information of roughly 145 million Americans and Equifax’s trade secrets, the Department of Justice (DOJ) said on Jan. 10.
The breach into Equifax in mid-2017 was one of the largest hacks on record and exposed Americans’ sensitive financial records, Social Security numbers, and driver’s license data.
A federal grand jury in Atlanta returned a nine-count indictment last week that accused four members of the People’s Liberation Army (PLA) of engaging in a hacking operation that involved exploiting a vulnerability in Equifax’s online dispute portal.
“This was a deliberate and sweeping intrusion into the private information of the American people,” said U.S. Attorney General William Barr in a press release.
Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei were members of the PLA’s 54th Research Institute, a unit of the Chinese military, the DOJ stated.
The hackers spent weeks in the system, uploading malicious software and stealing login credentials to carry out their theft, Barr said at a Feb. 10 press conference.
Prosecutors allege that the hackers ran about 9,000 queries on Equifax’s system to search for sensitive personal data, and managed to obtain names, birth dates, and Social Security numbers for about 145 million Americans—almost half of all U.S. citizens.
They also routed traffic through 34 servers in nearly 20 locations in order to hide their links to China, the department said.
The indictment also charges the hackers with theft of Equifax’s trade secrets, namely its data compilations and database designs.
The announcement came after a two-year investigation, Barr said.
Equifax CEO Mark Begor said the company was grateful for the federal investigation.
“It is reassuring that our federal law enforcement agencies treat cybercrime—especially state-sponsored crime—with the seriousness it deserves,” he said in a Feb. 10 press release.
In the aftermath of the cyberattack, Equifax has agreed to pay up to $700 million to settle claims by harmed customers.
The controversy also led to the departure of its then-CEO Richard Smith and several congressional hearings into the company’s delayed disclosure of the breach and its cybersecurity practices.
Sen. Ben Sasse (R-Neb.), a member of the U.S. Senate Select Committee on Intelligence, denounced the Chinese regime’s role in the hack.
“The Chinese Communist Party will leave no stone unturned in its effort to steal and exploit American data,” he said in a Feb. 10 statement.
“These indictments are good news, but we’ve got to do more to protect Americans’ data from Chinese Communist Party influence operations.”
The Equifax breach, Barr said, was one among a range of Chinese state-backed hacking operations aimed to steal sensitive personal information from Americans.”