The defendants stole the personal information of nearly 150 million Americans in one of the largest data breaches in history, the Justice Department said.
By Tom Winter
Four Chinese military hackers were charged with hacking into the Equifax credit reporting company in 2017 and stealing the personal information of nearly 150 million Americans, the Justice Department said Monday.
The nine-count indictment says that the four officers exploited a vulnerability in Equifax’s online dispute portal to conduct surveillance on the company’s network and then steal login credentials in what was one of the largest data breaches in history. The hackers managed to spend several weeks inside Equifax’s network collecting data, storing it in output files and ultimately downloading it onto computers outside the U.S. — all while avoiding detection, the indictment says.
The result was the theft of names, birth dates and social security information belonging to approximately 145 million Americans.
“In short, this was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” Attorney General William Barr said.
The four defendants — Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei — were members of the Chinese People’s Liberation Army’s 54th Research Institute, an arm of the Chinese military, the indictment says.
They each face three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud, among other charges.
“This was a deliberate and sweeping intrusion into the private information of the American people,” Barr said.
“Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information,” he added.
Equifax disclosed the breach in September 2017, setting off a cascade of criticism over its security practices and response to the hack. Then-CEO Richard Smith resigned ahead of congressional hearings as the scandal deepened. The credit-reporting company later agreed to pay up to $700 million to settle federal and state probes — with $425 million set aside for affected customers.
In a statement, Equifax CEO Mark Begor praised the Justice Department and FBI for their “tireless efforts” in pursuing those responsible for the cyberattack.
“It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime – with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target U.S. consumers, businesses and our government,” Begor said.
“The attack on Equifax was an attack on U.S. consumers as well as the United States