US charges 4 members of Chinese military for massive Equifax hack

0
Equifax (Photo: Pixabay)

WASHINGTON (CBS News) — The Department of Justice unveiled charges against four members of China’s military for allegedly hacking into the credit agency Equifax and stealing the personal information of millions of Americans in 2017.

“This was one of the largest data breaches in history,” Attorney General William Barr said at a press conference on Monday. “The scale of the theft was staggering. As alleged in the indictment, the hackers obtained the names, birth dates and Social Security numbers of nearly 145 million Americans, and the drivers licenses of at least 10 million Americans.”

The Department of Justice unveiled charges against four members of China’s military for allegedly hacking into the credit agency Equifax and stealing the personal information of millions of Americans in 2017. (Photo: CBS News)
- Advertisement -

The four charged are Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, all of whom are members of the 54th Research Institute, a component of China’s People’s Liberation Army, prosecutors said. A federal grand jury in Atlanta returned the nine-count indictment on charges of computer fraud, economic espionage and wire fraud. The men have not been taken into custody and are considered wanted by the FBI.

Equifax settled a class action lawsuit over the breach for more than $700 million in 2019.

In the indictment, prosecutors said the hackers exploited a vulnerability in a portal on Equifax’s website to steal login credentials used to gain access to databases on the company’s network. Once inside the network, the hackers ran searches of databases to identify personal information, storing the results in files that were split into smaller pieces to download more efficiently.



The indictment says the hackers used 34 servers in 20 countries to access the Equifax network and used existing encrypted communication channels to “blend in with normal network activity.”

The hackers first gained access to the portal in May 2017 and continued to steal information from Equifax’s databases until the end of July, according to the indictment.