It Was The Chinese Army That Hacked Equifax

Uploaded on 2020-02-17 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

US has charged four Chinese military officers for cyber-attacks on credit rating giant Equifax in 2017 and stealing the personal information of about 145 million Americans. Millions of Canadian and British customers were also affected by the cyber-attack, which has been described as one of the largest data breaches in history.

Between May and the end of July 2017, the hackers stole 145.5 million social security numbers and 209,000 payment card numbers and expiration dates as well as names and addresses and Equifax’s company secrets, according to US Law Enforcement officials.

The charges against the men include conspiracy to commit computer fraud, conspiracy to commit economic espionage and conspiracy to commit wire fraud.In an indictment handed up by a grand jury in Atlanta, the men face nine counts including conspiracy to commit computer fraud and conspiracy to commit economic espionage. 

Attorney General William Barr, who announced the charges, called it the latest example of what he said was a sweeping campaign by China's government to steal seemingly endless amounts of data from the United States. "Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets and other confidential information," Barr said.

Equifax, which is based in Atlanta, compiles information on millions of Americans as part of the loan and finance system. Last year, it paid up to $700 million in fines and monetary relief to consumers.
The four men who have been charged are members of the 54th Research Institute of the People's Liberation Army, according to the indictment. 

Cyber Attack Access
The defendants illegally accessed Equifax's network through a vulnerability in the company's online dispute portal, prosecutors say. Once inside the system, they vacuumed up names, birth dates and social security numbers for 145 million Americans, nearly half of all Americans. They stole credit card numbers and other information for some 200,000 Americans as well as Equifax trade secrets, the indictment says."For years, we have witnessed China's voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott Hotels and Anthem health insurance companies, and now the wholesale theft of credit and other information from Equifax," Barr said.

"This data has economic value," he added, "and these thefts can feed China's development of artificial intelligence tools, as well as the creation of intelligence targeting packages."

The FBI's deputy director, David Bowdich, said there's no indication at this point that the stolen information has been used, including to target U.S. government officials. Prosecutors say the hackers tried to cover their tracks to avoid detection by routing their work through around 34 servers located in nearly 20 countries.

Cyber War 
The charges recently announced are the latest against Chinese or China-linked defendants in a string of Justice Department prosecutions, part of what Barr and other officials call a huge wave of espionage activity, including economic, directed at the US. 

Equifax CEO Mark Begor said in a statement on Monday that his company has tried to keep pace with cybersecurity but the sophistication of threats like that posed by China would test any company, or other targets. "Combating this challenge from well-financed nation-state actors that operate outside the rule of law is increasingly difficult," he said. "Fighting this cyberwar will require the type of open cooperation and partnership between government, law enforcement and private business that we have experienced firsthand."

Equifax was also fined £500,000 by the UK’s Information Commissioner’s Office for failing to protect the personal information of up to 15 million British consumers.

One year after the attacks Equifax reportedly spent more than £1 billion in clean-up costs and to overhaul its information security programme.As well as financial reimbursement, the company must also provide all of its US customers with six free credit reports every year for seven years.

NPR:     The Week:         DIGIT:      BBC:        Washington Examiner

You Might Also Read: 

The Financial Services Industry Just Does Not Get It:

Equifax: Insider Trading Charges:

 

 

« Cyber Attacks On Banks Could Trigger Financial Crisis
Labour Party Risks £15m Fine For Not protecting Members' Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

Swiss Re

Swiss Re

Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer including cyber risk.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Peraton

Peraton

Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.