The US Justice Department on Monday charged four members of China’s People’s Liberation Army in connection with the Equifax hack, one of the largest data breaches in US history.
The four alleged Chinese military hackers are listed as Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, according to the indictment. They are charged with computer fraud, economic espionage and wire fraud.
“This is the largest theft of sensitive [personally identifiable information] by state-sponsored hackers ever recorded,” FBI deputy director David Bowdich said at a press conference on Monday.
The Chinese embassy didn’t immediately respond to a request for comment.
This is only the second time the Justice Department has indicted Chinese military hackers, Bowdich said. The, when the US charged Chinese hackers with theft from NASA and the technology sector.
In a statement, Equifax’s CEO Mark Begor thanked the Justice Department for its investigation, and said that protecting companies from hacks “from well-financed nation-state actors that operate outside the rule of law is increasingly difficult.”
“It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime – with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target U.S. consumers, businesses and our government,” Begor said. “The attack on Equifax was an attack on U.S. consumers as well as the United States.”
The 2017 cyberattack on Equifax, and the hackers got access to names, Social Security numbers, birthdates and addresses. In July 2019, the credit-monitoring agency settled with the over its security failures.
“This data has economic value and these thefts can feed china’s development of artificial intelligence tools as well as the creation of intelligence-targeting packages,” Attorney General William Barr said.
At the time the hack was revealed,that the company failed to patch.
According to the indictment, the four hackers took advantage of the unpatched vulnerability and infiltrated Equifax’s servers on July 30, 2017. The company, despite the fact that the vulnerability had been known about for at least two months.
A congressional committee said the hack was “” in a 2018 report.
On Monday, Sen. Mark Warner, a Democrat from Virginia, echoed that point.
“The indictment does not detract from the myriad of vulnerabilities and process deficiencies that we saw in Equifax’s systems and response to the hack,” Warner said in a statement. “A company in the business of collecting and retaining massive amounts of Americans’ sensitive personal information must act with the utmost care — and face any consequences that arise from that failure.”
Once the hackers had access to Equifax’s networks, the hackers allegedly stole login credentials and sensitive personally identifiable information on Equifax’s databases, as well as trade secrets, according to court documents. Prosecutors said the Chinese military hackers attempted to cover their tracks by using about 34 servers located in nearly 20 countries, including hosting services outside of China.
Court documents claimed that the alleged hackers also used encrypted communications within Equifax’s network to blend in with the company’s normal activities.
Barr said the Justice Department normally doesn’t bring charges against military officers of another country, but noted that there were exceptions, as in Equifax’s case.
“Equifax’s cooperation throughout the investigation was critical to our development throughout this case,” Barr said.
Originally published Feb. 10, 7:10 a.m. PT.
Update, 7:23 a.m. PT: Includes more details on the alleged hackers.
Update, 7:34 a.m. PT: Adds details from the indictment.
Update, 8:18 a.m. PT: Includes statement from Equifax.
Update, 9:03 a.m. PT: Adds statement from Sen. Warner.
- [LLODO] Montana massive 30-car pileup blamed on icy bridge
- [LLODO] Jimmy Hoffa FBI files that have been hidden since 1975 must be released, lawmakers tell DOJ
- [LLODO] Kansas officers hurt in ‘possible explosion’ in downtown Wichita
- [LLODO] Virginia hit-and-run kills off-duty police officer
- [LLODO] New York bars, restaurants suing state over coronavirus curfew get temporary OK to stay open later: report
- [LLODO] NY Gov. Cuomo fundraised off #MeToo movement in 2018
- [LLODO] CNN’s Dana Bash flubs Cuomo question to Psaki, refers to NY governor as ‘Chris’
- [LLODO] Cuomo team backs away from sexual harassment investigation pick, allows AG to choose independent lawyer