US indicts four Chinese military officials over Equifax hack

The indictments come as tensions between the US and China continue to escalate

Four Chinese military officials have been charged with masterminding the devastating Equifax hack of 2017, and stealing sensitive information on 150 million US customers alongside trade secrets.

A US federal grand jury has indicted the four Chinese nationals for conspiring with the Chinese military to steal the personal and financial data of Equifax customers as part of a major hacking operation. 

Advertisement - Article continues below

The attack exploited a major vulnerability in software used by the credit rating agency’s online dispute portal, and was notable not for its size but the quality of data the alleged hackers managed to harvest. The data included full names, dates of birth and addresses in addition to drivers’ license numbers, credit card information and social security numbers.

“This was a deliberate and sweeping intrusion into the private information of the American people,” the US Attorney General William Barr said at a press conference, according to the Wall Street Journal.

“We collect information only for legitimate national security purposes; we don’t indiscriminately violate the privacy of ordinary citizens.”

The charges have come in the midst of rising trade and geopolitical tensions between the US and China. The Trump administration, for instance, has not just slapped tariffs on Chinese networking products, but has mulled banning major companies like Huawei and ZTE entirely.

The US also has a brief history of blaming the Chinese hacking into US companies in order to gain a competitive advantage. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Prosecutors with the US Justice Department, for example, charged five Chinese army officials with hacking into private US-based companies in 2014.

The then Attorney General Eric Holder branded the security breaches as “significant” when the charges were filed, with the Chinese military officers having stolen trade secrets and internal documentation from five companies and one trade union.

The frequency of hacking charges issued by the US has risen in recent years, with individuals from Iran, Russian and North Korea also subject to similar indictments by consequence of alleged state-sponsored hacking.

“For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott hotels and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax,” Barr added. 

Equifax was fined £500,000 by the UK’s data protection watchdog the Information Commissioner’s Office (ICO) in late 2018 for violating the Data Protection Act 1998. 

Related Resource

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

The credit agency narrowly avoided a penalty under GDPR due to the incident having occurred prior to 25 May 2018, although the same cannot be said for Marriott, which was fined £99 million last year for the breach of its systems.

Advertisement - Article continues below

Investigators looking into the attack had pinpointed Chinese authorities as being responsible, which Barr effectively corroborated with his assertions in the wake of charging four Chinese military officials for the Equifax breach.

Although responsibility for the Equifax breach has not been designated until now, the firm’s ex-CIO was sentenced to four months in prison for insider trading in the wake of the disaster. Jun Ying was found guilty in July 2019 of selling $950,000 worth of company shares after learning that Equifax had sustained the breach

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

16 Mar 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020
Visit/hardware/355904/picking-the-perfect-multifunction-printer
Hardware

Picking the perfect multifunction printer

4 Jun 2020