The United States Department of Justice charged four Chinese intelligence officers with hacking-related offenses after the September 2017 breach of credit reporting agency Equifax that affected nearly 150 million Americans and many foreign citizens. U.S. Attorney General William Barr said during a press conference the hackers are also charged with “stealing the sensitive personal information of nearly half of all American citizens.”
Barr called it a “a deliberate and sweeping intrusion into the private information of the American people.” He went on to say Chinese hackers have a “voracious appetite” for personal data on Americans.
The Attorney General also said though it is not standard procedure for the U.S. Department of Justice to charge foreign military and intelligence officials, the Equifax breach warranted it due to its massive impact. The crime “cannot be countenanced,” he said.
Federal prosecutors filed the nine-count indictment of the four People’s Liberation Army members Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei in Atlanta. Prosecutors allege the four stole company trade secrets. The other alleged crimes include computer fraud, economic espionage, and wire fraud.
FBI Deputy Director David Bowdich said the law enforcement agency could not actually take the four into custody for prosecution and possible sentencing should they be found guilty but noted: “one day, these criminals will slip up, and when they do, we’ll be there.”
Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei face charges of computer fraud, economic espionage, and wire fraud for their role in one of the largest thefts of personally identifiable information by state-sponsored hackers ever recorded. https://t.co/KcZ8lOfpbd pic.twitter.com/65vDyh4HTx
— FBI (@FBI) February 10, 2020
Following the 2017 breach, people’s social security numbers, birth dates, and other personal information was exposed.
The charges come after Equifax’s agreement with the Federal Trade Commission to pay at least $650 million for a settlement. Those affected were able to request a payout of up to $125 or receive free credit monitoring.
However, due to the “overwhelming” volume of requests to be compensated the FTC has warned the actual amount people will receive will be far less than $125 because only $31 million of the settlement amount was allocated for those cash payouts. the agency wrote in a July 2019 guidance that: “You can still choose the cash option on the claim form, but you will be disappointed with the amount you receive, and you won’t get the free credit monitoring.”
It turns out opting for the free credit monitoring services was actually a better deal because you were able to get four years of service from the three major credit reporting bureaus – Equifax, Experian, and TransUnion – plus free identity theft prevention. The monetary value of which was likely going to be more than any whittled down cash payout.
Among the many data intrusions the U.S. government blames China for are the 2015 hacks of health insurance company Anthem during which 80 million current and former members and employees’ details were exposed and the federal government human resources agency the Office of Personnel Management. Chinese hackers were also suspected in the 2018 breach of hotel chain Marriott, which affected 500 million guests’ data.