The United States Department of Justice has charged four Chinese intelligence officers with hacking-related offenses in relation to the September 2017 breach of credit reporting agency Equifax that affected nearly 150 million Americans and many foreign citizens. U.S. Attorney General William Barr said during a press conference that the hackers are also charged with “stealing the sensitive personal information of nearly half of all American citizens.”
Barr called it a “a deliberate and sweeping intrusion into the private information of the American people.” He went on to say that Chinese hackers have a “voracious appetite” for personal data on Americans.
Barr also said that though it is not standard procedure for the U.S. Department of Justice to charge foreign military and intelligence officials, the Equifax breach warranted it due to its massive impact. The crime “cannot be countenanced,” he said.
Federal prosecutors filed the nine-count indictment of the four People’s Liberation Army members – Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei — in Atlanta. Prosecutors allege the four stole company trade secrets. Their other alleged crimes include computer fraud, economic espionage, and wire fraud.
FBI Deputy Director David Bowdich said the law enforcement agency could not actually take the four into custody for prosecution and possible sentencing should they be found guilty but noted: “One day, these criminals will slip up, and when they do, we’ll be there.”
Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei face charges of computer fraud, economic espionage, and wire fraud for their role in one of the largest thefts of personally identifiable information by state-sponsored hackers ever recorded. https://t.co/KcZ8lOfpbd pic.twitter.com/65vDyh4HTx
— FBI (@FBI) February 10, 2020
Equifax CEO Mark W. Begor issued a strong statement in response to the indictment, saying: “We are grateful to the Justice Department and the FBI for their tireless efforts in determining that the military arm of China was responsible for the cyberattack on Equifax in 2017…The attack on Equifax was an attack on U.S. consumers as well as the U.S.”
Begor made note the company is spending more than $1.25 billion on beefing up security and cloud technology, adding that it has “made tremendous progress toward embedding security into everything we do.”
Following the 2017 breach, people’s Social Security numbers, birth dates, and other personal information was exposed.
The charges come after Equifax’s agreement with the Federal Trade Commission (FTC) to pay a settlement of at least $650 million. Those affected were able to request a payout of up to $125 or receive free credit monitoring.
However, due to the “overwhelming” volume of requests to be compensated, the FTC has warned the actual amount people will receive will be far less than $125 because only $31 million of the settlement amount was allocated for those cash payouts. The agency wrote in a July 2019 guidance that “you can still choose the cash option on the claim form, but you will be disappointed with the amount you receive, and you won’t get the free credit monitoring.”
It turns out opting for the free credit monitoring services was actually a better deal because you get four years of service from the three major credit reporting bureaus — Equifax, Experian, and TransUnion — plus free identity theft prevention. The monetary value of these services is very likely going to be more than any whittled-down cash payout.
Among the many data intrusions the U.S. government blames China for are the 2015 hacks of health insurance company Anthem, which resulted in 80 million current and former members and employees’ details being exposed, and the U.S. Office of Personnel Management. Chinese hackers are also suspected in the 2018 breach of hotel chain Marriott, which affected 500 million guests’ data.