AP Photo/Jacquelyn Martin
Four Chinese military personnel have been indicted in the massive hack of Equifax's computer network nearly three years ago, a data breach that exposed the sensitive information of about 145 million Americans, the Justice Department revealed Monday. The breach occurred between May and July of 2017 and has been called one of the largest — and perhaps one of the most dangerous — in U.S. history. An FBI official heralded the news as a “day of reckoning."
According to the criminal indictments, the data breach at the credit-reporting giant, which is based in Atlanta, exposed:
- The names, birth dates and Social Security numbers of the approximately 145 million victims, who represent nearly half the U.S. population, which now exceeds 329 million.
- Driver's license numbers stored on Equifax databases for at least 10 million Americans.
- Credit card numbers and other identifiers belonging to about 200,000 U.S. consumers.
- The personal information of nearly a million citizens of the United Kingdom and Canada.
"This was a deliberate and sweeping intrusion into the private information of the American people,” Attorney General William Barr said in announcing the indictments.
The grand jury indictments were handed down last month in the Atlanta-based U.S. District Court for the Northern District of Georgia. The allegations were unsealed Monday.
The indictments allege that the four defendants are part of the People's Liberation Army, a branch of China's military. The defendants allegedly conspired with others to exploit a vulnerability in the software used by Equifax's online dispute portal. The attackers ran about 9,000 queries on Equifax's computer system and took steps to evade detection by routing traffic through about 34 computer servers in nearly 20 countries.
"This was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans,” Barr said, “as well as the hard work and intellectual property of an American company, by a unit of the Chinese military."
FBI Deputy Director David Bowdich said the indictments reflect a commitment to act against cybercriminals no matter who or where they are. “This is not the end of our investigation. To all who seek to disrupt the safety, security and confidence of the global citizenry in this digitally connected world, this is a day of reckoning,” he added.
Last July federal and state officials announced a civil settlement with Equifax of up to $425 million in connection with the massive breach. The deal to resolve class action litigation was reached between the firm and the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau and state attorneys general. The FTC said that although the Jan. 22 deadline to file a claim for settlement funds had passed, victims still have recourse. If any expenses are incurred between Jan. 23, 2020, and Jan. 22, 2024, as a result of identity theft or fraud related to the breach, victims may file a claim for losses from unauthorized charges to their accounts; fees paid to professionals, such as accountants or attorneys, to help them recover from identity theft; and other expenses such as notary and document-shipping fees.
According to the FTC, you can check online to determine whether your personal data was compromised in the Equifax breach.
In a statement Monday, Equifax CEO Mark Begor thanked federal officials and said the firm is spending $1.25 billion between 2018 and 2020 to enhance its data security and technology.
"The attack on Equifax was an attack on U.S. consumers as well as the United States,” Begor said.