US indicts four Chinese military officials over Equifax hack

The indictments come as tensions between the US and China continue to escalate

Four Chinese military officials have been charged with masterminding the devastating Equifax hack of 2017, and stealing sensitive information on 150 million US customers alongside trade secrets.

A US federal grand jury has indicted the four Chinese nationals for conspiring with the Chinese military to steal the personal and financial data of Equifax customers as part of a major hacking operation. 

The attack exploited a major vulnerability in software used by the credit rating agency’s online dispute portal, and was notable not for its size but the quality of data the alleged hackers managed to harvest. The data included full names, dates of birth and addresses in addition to drivers’ license numbers, credit card information and social security numbers.

“This was a deliberate and sweeping intrusion into the private information of the American people,” the US Attorney General William Barr said at a press conference, according to the Wall Street Journal.

“We collect information only for legitimate national security purposes; we don’t indiscriminately violate the privacy of ordinary citizens.”

The charges have come in the midst of rising trade and geopolitical tensions between the US and China. The Trump administration, for instance, has not just slapped tariffs on Chinese networking products, but has mulled banning major companies like Huawei and ZTE entirely.

The US also has a brief history of blaming the Chinese hacking into US companies in order to gain a competitive advantage. 

Prosecutors with the US Justice Department, for example, charged five Chinese army officials with hacking into private US-based companies in 2014.

The then Attorney General Eric Holder branded the security breaches as “significant” when the charges were filed, with the Chinese military officers having stolen trade secrets and internal documentation from five companies and one trade union.

The frequency of hacking charges issued by the US has risen in recent years, with individuals from Iran, Russian and North Korea also subject to similar indictments by consequence of alleged state-sponsored hacking.

“For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott hotels and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax,” Barr added. 

Equifax was fined £500,000 by the UK’s data protection watchdog the Information Commissioner’s Office (ICO) in late 2018 for violating the Data Protection Act 1998. 

Related Resource

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

The credit agency narrowly avoided a penalty under GDPR due to the incident having occurred prior to 25 May 2018, although the same cannot be said for Marriott, which was fined £99 million last year for the breach of its systems.

Investigators looking into the attack had pinpointed Chinese authorities as being responsible, which Barr effectively corroborated with his assertions in the wake of charging four Chinese military officials for the Equifax breach.

Although responsibility for the Equifax breach has not been designated until now, the firm’s ex-CIO was sentenced to four months in prison for insider trading in the wake of the disaster. Jun Ying was found guilty in July 2019 of selling $950,000 worth of company shares after learning that Equifax had sustained the breach

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

22 Sep 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020