IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

US indicts four Chinese military officials over Equifax hack

The indictments come as tensions between the US and China continue to escalate

Four Chinese military officials have been charged with masterminding the devastating Equifax hack of 2017, and stealing sensitive information on 150 million US customers alongside trade secrets.

A US federal grand jury has indicted the four Chinese nationals for conspiring with the Chinese military to steal the personal and financial data of Equifax customers as part of a major hacking operation. 

The attack exploited a major vulnerability in software used by the credit rating agency’s online dispute portal, and was notable not for its size but the quality of data the alleged hackers managed to harvest. The data included full names, dates of birth and addresses in addition to drivers’ license numbers, credit card information and social security numbers.

“This was a deliberate and sweeping intrusion into the private information of the American people,” the US Attorney General William Barr said at a press conference, according to the Wall Street Journal.

“We collect information only for legitimate national security purposes; we don’t indiscriminately violate the privacy of ordinary citizens.”

The charges have come in the midst of rising trade and geopolitical tensions between the US and China. The Trump administration, for instance, has not just slapped tariffs on Chinese networking products, but has mulled banning major companies like Huawei and ZTE entirely.

The US also has a brief history of blaming the Chinese hacking into US companies in order to gain a competitive advantage. 

Prosecutors with the US Justice Department, for example, charged five Chinese army officials with hacking into private US-based companies in 2014.

The then Attorney General Eric Holder branded the security breaches as “significant” when the charges were filed, with the Chinese military officers having stolen trade secrets and internal documentation from five companies and one trade union.

The frequency of hacking charges issued by the US has risen in recent years, with individuals from Iran, Russian and North Korea also subject to similar indictments by consequence of alleged state-sponsored hacking.

“For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott hotels and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax,” Barr added. 

Equifax was fined £500,000 by the UK’s data protection watchdog the Information Commissioner’s Office (ICO) in late 2018 for violating the Data Protection Act 1998. 

Related Resource

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

The credit agency narrowly avoided a penalty under GDPR due to the incident having occurred prior to 25 May 2018, although the same cannot be said for Marriott, which was fined £99 million last year for the breach of its systems.

Investigators looking into the attack had pinpointed Chinese authorities as being responsible, which Barr effectively corroborated with his assertions in the wake of charging four Chinese military officials for the Equifax breach.

Although responsibility for the Equifax breach has not been designated until now, the firm’s ex-CIO was sentenced to four months in prison for insider trading in the wake of the disaster. Jun Ying was found guilty in July 2019 of selling $950,000 worth of company shares after learning that Equifax had sustained the breach

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


What is cyber warfare?

What is cyber warfare?

15 Oct 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022