The U.S. Justice Department has indicted four members of the Chinese military in connection with one of the biggest data breaches in history, a hack that compromised the data of nearly half of all American citizens.
The credit report giant Equifax had its systems compromised in a 2017 security breach that gave hackers access to information such as Social Security numbers, birth dates, and addresses. In total, the members of the Chinese military are accused of stealing personally identifiable information from 145 million Americans, as well as driving license numbers for ten million and the credit card numbers of around 200,000.
A nine-count indictment unveiled Monday accused four Chinese military members of hacking into the company’s computer networks, maintaining unauthorized access to them, and stealing the sensitive data. The four are named as Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei—all of them are said to have carried out the hack as part of the People's Liberation Army’s (PLA) 54th Research Institute, a component of the Chinese military.
“This was a deliberate and sweeping intrusion into the private information of the American people,” Attorney General William Barr said in a statement. “This was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military.”
Barr added: “Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”
What remained to be seen was how this might fit into a larger pattern of aggression U.S. officials have attributed to the Chinese military. In 2014, the Obama-era Justice Department indicted five members of the PLA on charges of corporate espionage, specifically intellectual property theft.
“Fraud is a surface level strategy,” Paul Martini, co-founder of network security platform iBoss, told The Daily Beast. "Equifax is a holy grail in terms of the value of information that can be used to reset passwords and grant access to other systems, like power grids, sensitive devices, even military vehicles."
The four Chinese military members are accused of running thousands of queries on Equifax’s systems before gaining access to and downloading millions of pieces of information between May and July 2017. They’re also accused of stealing valuable trade secret information, including Equifax’s data compilations and the company’s database designs.
When it was disclosed, the hack prompted public fury over the company's vulnerability and the mass exposure of customer information, and ultimately led to the resignation of Equifax chief executive Richard Smith.
“Ultimately, the company is responsible for its data, as challenging as that can be,” Martini said.