It Was The Chinese Army That Hacked Equifax

Uploaded on 2020-02-17 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

US has charged four Chinese military officers for cyber-attacks on credit rating giant Equifax in 2017 and stealing the personal information of about 145 million Americans. Millions of Canadian and British customers were also affected by the cyber-attack, which has been described as one of the largest data breaches in history.

Between May and the end of July 2017, the hackers stole 145.5 million social security numbers and 209,000 payment card numbers and expiration dates as well as names and addresses and Equifax’s company secrets, according to US Law Enforcement officials.

The charges against the men include conspiracy to commit computer fraud, conspiracy to commit economic espionage and conspiracy to commit wire fraud.In an indictment handed up by a grand jury in Atlanta, the men face nine counts including conspiracy to commit computer fraud and conspiracy to commit economic espionage. 

Attorney General William Barr, who announced the charges, called it the latest example of what he said was a sweeping campaign by China's government to steal seemingly endless amounts of data from the United States. "Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets and other confidential information," Barr said.

Equifax, which is based in Atlanta, compiles information on millions of Americans as part of the loan and finance system. Last year, it paid up to $700 million in fines and monetary relief to consumers.
The four men who have been charged are members of the 54th Research Institute of the People's Liberation Army, according to the indictment. 

Cyber Attack Access
The defendants illegally accessed Equifax's network through a vulnerability in the company's online dispute portal, prosecutors say. Once inside the system, they vacuumed up names, birth dates and social security numbers for 145 million Americans, nearly half of all Americans. They stole credit card numbers and other information for some 200,000 Americans as well as Equifax trade secrets, the indictment says."For years, we have witnessed China's voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott Hotels and Anthem health insurance companies, and now the wholesale theft of credit and other information from Equifax," Barr said.

"This data has economic value," he added, "and these thefts can feed China's development of artificial intelligence tools, as well as the creation of intelligence targeting packages."

The FBI's deputy director, David Bowdich, said there's no indication at this point that the stolen information has been used, including to target U.S. government officials. Prosecutors say the hackers tried to cover their tracks to avoid detection by routing their work through around 34 servers located in nearly 20 countries.

Cyber War 
The charges recently announced are the latest against Chinese or China-linked defendants in a string of Justice Department prosecutions, part of what Barr and other officials call a huge wave of espionage activity, including economic, directed at the US. 

Equifax CEO Mark Begor said in a statement on Monday that his company has tried to keep pace with cybersecurity but the sophistication of threats like that posed by China would test any company, or other targets. "Combating this challenge from well-financed nation-state actors that operate outside the rule of law is increasingly difficult," he said. "Fighting this cyberwar will require the type of open cooperation and partnership between government, law enforcement and private business that we have experienced firsthand."

Equifax was also fined £500,000 by the UK’s Information Commissioner’s Office for failing to protect the personal information of up to 15 million British consumers.

One year after the attacks Equifax reportedly spent more than £1 billion in clean-up costs and to overhaul its information security programme.As well as financial reimbursement, the company must also provide all of its US customers with six free credit reports every year for seven years.

NPR:     The Week:         DIGIT:      BBC:        Washington Examiner

You Might Also Read: 

The Financial Services Industry Just Does Not Get It:

Equifax: Insider Trading Charges:

 

 

« Cyber Attacks On Banks Could Trigger Financial Crisis
Labour Party Risks £15m Fine For Not protecting Members' Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Entrust

Entrust

Entrust is a global leader in digital security, identities, payments, and data protection.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

Area 1 Security

Area 1 Security

Area 1 is the only Pay-per-Phish solution in cyber security. And the only technology that blocks phishing attacks before they damage your business.

Nexor

Nexor

Nexor are a UK-based cyber security company with 30 years' experience in secure information exchange.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.

Phone Monitoring Service

Phone Monitoring Service

Phone Monitoring Service provides cyber security services, ethical hacking services, social media hacking services in the USA, Canada, Europe.