According to the US government, Equifax's data breach was done by China

According to the US government, Equifax's data breach was done by China

The US Department of Justice today charged that four members of the Chinese People's Liberation Army (PLA) carried out the 2017 Equifax hack

"This was a deliberate and widespread intrusion into the personal information of American citizens," Attorney General William P Barr said at a press conference today (February 10) [Today, we hold the PLA hackers accountable for their criminal conduct, and we remind the Chinese government that we have the ability to remove the cloak of Internet anonymity and find the hackers that that country has repeatedly deployed against us

The Equifax hack stole the personal data of 146 million US residents, exposing their names, addresses, dates of birth, and Social Security numbers Approximately 400,000 Britons and 100,000 Canadians were also affected

The indictment, secretly filed last week by a grand jury in Atlanta, where Equifax is based, charges Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei with, respectively, conspiracy to commit computer fraud, conspiracy to commit economic espionage, conspiracy to commit wire fraud, and unauthorized access to protected computers, intentional damage to a protected computer, economic espionage, and three counts of wire fraud, for a total of nine crimes

It is not clear whether the four are civilians working for the PLA or active members of the Chinese military The indictment does not state the ranks of the defendants, but says the four are members of the PLA's 54th Institute (Update: A wanted poster posted online by the FBI shows photos of Wu and Xu, allegedly in military uniform)

Suspicions that the Equifax hack was carried out by Chinese government agents surfaced shortly after the massive data theft was made public in September 2017

Despite the fact that attackers reportedly accessed Equifax's systems between May and July of 2017 and that the stolen information put half of the US population at serious risk of identity theft, the stolen data was sold on cybercrime marketplaces The data was never offered for sale on cybercrime marketplaces and was never used for other criminal purposes

Other massive data thefts that did not result in increased criminal activity are believed to be the work of Chinese government agents They include the Starwood Hotel information breach in early 2019 and the devastating 2015 Office of Personnel Management information breach in which the records of 215 million current, former, and prospective US government employees were stolen

The prevailing theory among US experts is that Chinese intelligence agencies are using this data to find and track the movements of Western politicians, military leaders, corporate executives, and intelligence officers

Equifax is in the process of settling a $380 million class action lawsuit related to the information breach The window to file for compensation related to the information breach has recently closed, but it seems unlikely that individual claimants will get much

Categories