Chinese military hackers charged in Equifax data breach

by Ryan Smith10 Feb 2020

The Justice Department has indicted four members of the Chinese military on charges of hacking the computer systems of credit-reporting agency Equifax.

The 2017 Equifax hack was one of the largest data breaches in history, in which hackers obtained the personal information of nearly 150 million Americans. The breach cost Equifax hundreds of millions of dollars in civil penalties and imposed substantial costs on consumers who had to take measures to protect against identity theft.

The alleged hackers were members of the Chinese People’s Liberation Army, according to Attorney General William Barr. Barr said that the accused hackers, Wang Qian, Wu Zhiyong, Xu Ke and Liu Lei, are alleged to have broken into Equifax’s system through a vulnerability in its dispute-resolution website. Once they gained access, the hackers allegedly spent weeks digging through customer data, uploanding malicious software and stealing login credentials, all in preparation for the theft of “vast amounts of data” from Equifax’s system, Barr said.

“This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” Barr said in a statement. “For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the US Office of Personnel Management, the intrusion into Marriott hotels, and Anthem health insurance company – and now the wholesale theft of credit and other information from Equifax. This data has economic value, and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence-targeting packages.”

Barr said that the investigation also revealed “a pattern of state-sponsored computer intrusions and thefts by China targeting trade secrets and confidential business information’ by a group known as APT 10, which Barr said worked in association with the Chinese Ministry of State Security.

“Indeed, about 80% of our economic espionage prosecutions have implicated the Chinese government, and about 60% of all trade-secret theft cases in recent years involved some connection to China,” he said.

Barr said that while the US does not normally bring criminal charges against members of other nations’ military or intelligence services outside the US, “the deliberate, indiscriminate theft of vast amounts of sensitive personal data of civilians, as occurred here, cannot be countenanced.”