Chinese Military Officers Indicted for 2017 Equifax Data Breach
Subscribe

Chinese Military Officers Indicted for 2017 Equifax Data Breach

February 10, 2020
Photo credit: Getty Images/Traitov
The U.S. Department of Justice (DOJ) has charged four members of the Chinese military with coordinating the 2017 data breach of Equifax, one of the largest cybersecurity hacks in history.
 
Photo credit: Getty Images/hanhanpeggyThe data breach occurred on Sept. 7, 2017, and impacted more than 147 million consumers, or 56 percent of U.S. adults; Equifax Chairman and CEO Richard Smith was forced to step down as a result of the incident. The breached information included Social Security numbers, names, dates of birth, addresses, credit card numbers and, in some cases, driver’s license numbers. Last July, Equifax reached a $700 million settlement with the Consumer Financial Protection Bureau (CFPB) and a coalition of attorneys general from 48 states, the District of Columbia and Puerto Rico to resolve litigation related to the breach.
 
The Justice Department’s nine-count indictment identified the culprits as Wang Qian, Xu Ke, Liu Lei and Wu Ziayong, all military officers in the People’s Liberation Army's 54th Research Institute, an arm of the Chinese military. They are also accused of stealing the company’s trade secrets, including database designs.
 
“The scale of the theft was staggering,” said Attorney General William Barr. “This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft.”
 
Mark W. Begor, CEO of Atlanta-based Equifax, expressed gratitude that the alleged culprits behind the data breach were identified.
 
“We are grateful to the Justice Department and the FBI for their tireless efforts in determining that the military arm of China was responsible for the cyberattack on Equifax in 2017,” he said. “It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime–with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target U.S. consumers, businesses and our government. The attack on Equifax was an attack on U.S. consumers as well as the United States.”
 
Begor added that his company was “spending an incremental $1.25 billion between 2018 and 2020 on enhanced security and technology as part of our EFX 2020 cloud technology transformation, and we have made tremendous progress toward embedding security into everything we do. Our industry leading cloud technology transformation will make us more secure and enable us to innovate and develop solutions with our differentiated data assets to better serve our customers and consumers.”
 
The Chinese government did not immediately respond to the indictments and the whereabouts of the accused is unknown.

 
Compliance