US charges four Chinese military hackers in 2017 Equifax breach

Indictments are the latest move by US authorities to eradicate Chinese spying on American soil.

Equifax agreed to pay up to $700m to settle claims it broke the law during the data breach and to repay harmed consumers [File: Dado Ruvic/Illutration/Reuters]

The United States delivered its latest salvo in an aggressive campaign by authorities to root out Chinese espionage activities on American soil, charging four Chinese military hackers in connection with a 2017 data breach of the Equifax credit reporting agency.

“This was a deliberate and sweeping intrusion into the private information of the American people,” said US Attorney General William Barr, announcing the indictments of four members of the Chinese Liberation Army in connection with the cybercrime that affected nearly 150 million Americans.

The Chinese Embassy in Washington did not immediately respond to a Reuters News Agency request for comment.

Since turning the spotlight on China in 2018, the US has snared a growing group of Chinese government officials, business people, and academics pursuing American secrets.

Roughly 147 million people had information, including Social Security numbers, birth dates and driver’s licence data, compromised by the Equifax data breach – one of the largest in US history.

The hackers spent weeks in the Equifax system, breaking into computer networks, stealing company secrets and personal data. The hackers routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location.

Equifax CEO Mark Begor said the company was grateful for the Justice Department investigation.

“It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime-with the seriousness it deserves,” he said in a statement.

US officials have said Chinese hackers were behind an enormous breach at the Office of Personnel Management, which came to light in 2015 and involved the compromise of sensitive personal data submitted by applicants for US government security clearances.

That breach exposed the names, Social Security numbers and addresses of more than 22 million current and former US federal employees and contractors, as well as 5.6 million fingerprints.

Chinese hackers are similarly suspected of being behind a massive breach at hotel group Marriott International Inc.

Senator Ben Sasse, a Republican member of the Senate Select Committee on Intelligence, urged tougher action to counter Chinese hacking.

“The Chinese Communist Party will leave no stone unturned in its effort to steal and exploit American data. These indictments are good news, but we’ve got to do more to protect Americans’ data from Chinese Communist Party influence operations,” he said in a statement.

The Equifax data breach, because it was so large and involved so much sensitive financial information on so many Americans, had far-reaching implications for Equifax and the consumer credit industry.

The company agreed to pay up to $700m to settle claims it broke the law during the data breach and to repay harmed consumers.

The scandal sent the company into turmoil, leading to the exit of its then-CEO, Richard Smith, and multiple congressional hearings as the company’s slowness to disclose the breach and security practices were challenged by legislators.

Policymakers and consumer groups have questioned how private companies could amass so much personal data, sparking efforts to bolster consumers’ ability to control their information. Both the Senate Banking and House of Representatives Financial Services Committees are considering legislation that would require companies to better protect consumer data.

Source: Reuters