Equifax breach was the work of Chinese state hackers, DOJ says

Enlarge / A monitor displaying Equifax Inc. signage on the floor of the New York Stock Exchange in New York on Friday, September 15, 2017.Michael Nagle/Bloomberg | Getty Images

The saga of Equifax's massive 2017 data breach continues, as the Justice Department this morning announced formal charges against four members of the Chinese military allegedly behind the hack.

Attorney General William Barr today made public an indictment (PDF) filed in federal court in Atlanta (where Equifax is based). Four members of the People's Liberation Army are charged with hacking into the company to steal both individuals' data and company trade secrets. The men used a known vulnerability in Apache Struts to enact "a deliberate and sweeping intrusion into the private information of the American people," Barr said.

All four men—Wang Qian, Xu Ke, Liu Lei, and Wu Zhiyong—are members of the Chinese army's 54th Research Institute and face a total of nine charges, including computer fraud, wire fraud, and economic espionage, as well as conspiracy to commit computer fraud, wire fraud, and economic espionage. "This was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” Barr said.

Equifax disclosed the probable worst-ever leak of US individuals' data in September 2017. Eventually, Americans learned that over the course of three months, unauthorized persons took from Equifax data pertaining to 150 million individuals, including names, Social Security numbers, dates of birth, driver's license numbers, phone numbers, and email addresses. More than 200,000 consumers' credit card numbers were also accessed. Equifax, in its role as one of the "big three" credit agencies, has access to virtually all Read More – Source