The U.S. Department of Justice announced on Monday that four members of the Chinese military have been charged with stealing personal information of nearly 150 million Americans from Equifax computers in 2017. The four men charged Wu Zhiyong, Liu Lei, Wang Qian, and Xu Khe have not been arrested and are believed to be living in China currently. These men were able to access addresses, birth dates, Social Security Numbers, names, and credit card numbers from over 145 million Equifax users. Equifax Inc. is one of the three largest consumer credit reporting agencies, making this breach one of the largest ever state-sponsored hacks of all time.
Why it Matters: The four members of the People’s Liberation Army, an arm of the Chinese military, are also accused of stealing trade secrets from the organization, including prototypes for databases, law enforcement officials said. The accused hackers exploited a loophole in software that allowed them to get login credentials and access the company’s network when searching for personal data. From there they accessed over 145 million Equifax users records including at least 290,000 credit card numbers. While it is unlikely these four Chinese military members were stealing such massive amounts of data to sell on the black market, or use to phish people, it is unnerving that China now has so much data on American citizens.
America’s Response: US Attorney General William Barr announced the charges against the four Chinese officials and also stated this is one of many attempts made by the Chinese to illegally take American data. The US Department of Justice believes China was behind the Marriott Hotels breach and the health insurance company Anthem’s hack. The US Department of Justice is worried about what it sees as the growing political and economic influence of China, and efforts by Beijing to collect data on Americans and steal scientific research and innovation. A sort of “economic espionage” on America can only help China. China thus far has denied all responsibility and that they were under any specific government instructions.
If you have an Equifax account and also work for the government it is worth paying extra attention or even possibly freezing your credit until further information is possibly revealed about what your stolen data is being used for or why? Since the hack was state-sponsored regardless of Chinese denial, they could be targeting specific individuals or users who work in some part of the government.