Equifax Breach Was The Work Of Chinese State Hackers, DOJ Says

 Monday, February 10, 2020

 ARS Technica

The saga of Equifax’s massive 2017 data breach continues, as the Justice Department this morning announced formal charges against four members of the Chinese military allegedly behind the hack.

Attorney General William Barr today made public an indictment (PDF) filed in federal court in Atlanta (where Equifax is based).

Four members of the People’s Liberation Army are charged with hacking into the company to steal both individuals’ data and company trade secrets. The men used a known vulnerability in Apache Struts to enact "a deliberate and sweeping intrusion into the private information of the American people," Barr said.

All four men—Wang Qian, Xu Ke, Liu Lei, and Wu Zhiyong—are members of the Chinese army’s 54th Research Institute and face a total of nine charges, including computer fraud, wire fraud, and economic espionage, as well as conspiracy to commit computer fraud, wire fraud, and economic espionage.

"This was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” Barr said.