According to the Attorney General to the U.S., William Barr, China has a "voracious appetite" for Americans' personal data. The Department of Justice announced the charges against four Chinese hackers, marking one of the rare times the U.S. has brought criminal charges against the members of another country's military.
In 2017, Chinese actors used a vulnerability in Equifax's (NYSE: EFX) site to hack into their network and gain access to the personal information of millions of Americans. Equifax is a credit agency, meaning the thieves had access to names, birth dates, and social security numbers of 145 million Americans. That's nearly half of the total population of the United States. They used 34 servers in 20 different countries to cover their tracks and downloaded the information in small pieces to streamline the process. Hackers had access to Equifax's network for nearly three months.
"This was one of the largest data breaches in history," Attorney General William Barr said at a press conference on Monday.
According to the Federal Bureau of Investigation, the stolen information has yet to be used, but it could still be used for nefarious purposes in the future.
"This is the largest theft of sensitive [personally identifiable information] by state-sponsored hackers ever recorded. This indictment is also a reminder that with their attacks on our economy, our cyber infrastructure and our citizens, China is one of the most significant threats to our national security today," said FBI Deputy Director David Bowdich.
Equifax is being punished for its security vulnerability; the company settled a class action lawsuit for more than $700 million in 2019.
"The hackers also stole Equifax's trade secrets, embodied by the compiled data and complex database designs used to store the personal information. Those trade secrets were the product of decades of investment and hard work by the company," said Barr.
Equifax has voiced their appreciation for the work the DOJ has done to investigate the breach. Equifax Chief Executive Mark Begor released a statement thanking the Justice Department for investigating "cybercrime - especially state-sponsored crime - with the seriousness it deserves,"
The four hackers were members of the 54th Research Institute, a component of China's People's Liberation Army: Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei. The Attorney General acknowledged that the U.S. does "not normally bring criminal charges against the members of another country's military or intelligence services outside the United States."
This isn't the first time China has been the culprit behind a serious hacking incident. In 2014, five Chinese military hackers were charged for hacking six American companies from the nuclear power, metal and solar industries. In 2015, sensitive personal information about U.S. officials applying for security clearance was compromised by a breach at the Office of Personnel Management carried out by Chinese hackers.
According to Michael Daniel, a former White House cybersecurity coordinator, the Equifax hack is characteristic of other hacks carried out by Chinese actors.
"About 80% of our economic espionage prosecutions have implicated the Chinese government, and about 60% of all trade secret theft cases in recent years involved some connection to China," Barr said.
Technology company Huawei is another Chinese entity that the U.S. government suspects of hacking. The company which develops 5G networks has been banned in the U.S. entirely, but the U.K. has decided to give the company limited access to non-vital areas. Prime Minister Boris Johnson's decision to ignore U.S. warnings about the company has resulted in tension between Johnson and President Donald Trump, a staunch enemy of Huawei.
Frighteningly, FBI Director Christopher Wray said the bureau "has about 1,000 investigations involving China's attempted theft of U.S.-based technology in all 56 of our field offices, and spanning just about every industry and sector."
China, meanwhile, has denied all allegations against them. According to Chinese foreign ministry spokesman Geng Shuang, China's government and military "never engage in cyber theft of trade secrets."