US indicts four Chinese military officials over Equifax hack

The indictments come as tensions between the US and China continue to escalate

Four Chinese military officials have been charged with masterminding the devastating Equifax hack of 2017, and stealing sensitive information on 150 million US customers alongside trade secrets.

A US federal grand jury has indicted the four Chinese nationals for conspiring with the Chinese military to steal the personal and financial data of Equifax customers as part of a major hacking operation. 

The attack exploited a major vulnerability in software used by the credit rating agency’s online dispute portal, and was notable not for its size but the quality of data the alleged hackers managed to harvest. The data included full names, dates of birth and addresses in addition to drivers’ license numbers, credit card information and social security numbers.

“This was a deliberate and sweeping intrusion into the private information of the American people,” the US Attorney General William Barr said at a press conference, according to the Wall Street Journal.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

“We collect information only for legitimate national security purposes; we don’t indiscriminately violate the privacy of ordinary citizens.”

The charges have come in the midst of rising trade and geopolitical tensions between the US and China. The Trump administration, for instance, has not just slapped tariffs on Chinese networking products, but has mulled banning major companies like Huawei and ZTE entirely.

The US also has a brief history of blaming the Chinese hacking into US companies in order to gain a competitive advantage. 

Prosecutors with the US Justice Department, for example, charged five Chinese army officials with hacking into private US-based companies in 2014.

The then Attorney General Eric Holder branded the security breaches as “significant” when the charges were filed, with the Chinese military officers having stolen trade secrets and internal documentation from five companies and one trade union.

The frequency of hacking charges issued by the US has risen in recent years, with individuals from Iran, Russian and North Korea also subject to similar indictments by consequence of alleged state-sponsored hacking.

Advertisement - Article continues below

“For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott hotels and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax,” Barr added. 

Equifax was fined £500,000 by the UK’s data protection watchdog the Information Commissioner’s Office (ICO) in late 2018 for violating the Data Protection Act 1998. 

Related Resource

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

The credit agency narrowly avoided a penalty under GDPR due to the incident having occurred prior to 25 May 2018, although the same cannot be said for Marriott, which was fined £99 million last year for the breach of its systems.

Investigators looking into the attack had pinpointed Chinese authorities as being responsible, which Barr effectively corroborated with his assertions in the wake of charging four Chinese military officials for the Equifax breach.

Although responsibility for the Equifax breach has not been designated until now, the firm’s ex-CIO was sentenced to four months in prison for insider trading in the wake of the disaster. Jun Ying was found guilty in July 2019 of selling $950,000 worth of company shares after learning that Equifax had sustained the breach

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/security/28170/what-is-cyber-warfare
Security

What is cyber warfare?

20 Sep 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/software/linux/354831/microsoft-to-add-defender-antivirus-software-to-linux-ios-and-android
Linux

Microsoft to add Defender antivirus software to Linux, iOS and Android

21 Feb 2020