WASHINGTON, D.C.–Four members of the Chinese Liberation Army have been indicted for the 2017 hacks into Equifax that affected four million Hoosiers and led to a lawsuit by the state over the company’s vulnerability and what state Atty. Gen. Curtis Hill called Equifax’s negligence.
U.S. Atty. Gen. William Barr announced the indictments Monday, saying the hackers found their way in through a vulnerability in the company’s dispute resolution system.
“This was one of the largest data breaches in history,” said Barr. “The hackers obtained the names, birth dates and social security numbers of nearly 150 million Americans and the drivers licensees of at least ten million Americans.”
Barr said the theft caused significant financial damage to Equifax with the theft of trade secrets and the exposure of the company to legal action.
But, he said, it also caused nearly half of all Americans some to have to protect themselves from identity theft, which Equifax offered to help with as part of its attempt to resolve their obligation to customers.
Barr also said the hacks exposed activities by China that have become routine.
“Once in the network the hackers spent weeks conducting reconnaissance, uploading malicious software and stealing login credentials,” he said. “For years we have witnessed China’s voracious appetite for the personal data of Americans, including the intrusion into Marriott Hotels and Anthem Health Insurance companies.”
Barr said the thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence targeting packages, at the expense of American and Hoosiers.
Hill sued in 2019, saying the breach never would have happened if Equifax followed basic procedures, laws and their own standards.
Hill said in 2015, Equifax was made aware of thousands of internal and external vulnerabilities, but did not follow their own policies about getting them fixed in a timely manner. In one of their programs, passwords were short and easy to guess, said the AG.