This Saturday, July 21, 2012, photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta.
Caption

This Saturday, July 21, 2012, photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. / AP

A federal grand jury in Atlanta returned an indictment last week charging four members of the Chinese People’s Liberation Army with hacking into the computer systems of the credit reporting agency Equifax and stealing Americans’ personal data and Equifax’s valuable trade secrets.

About 145 million people were exposed by the data breach to possible ID theft. According to documents the company handed over to members of Congress, even more sensitive information was obtained as a result of the breach.

The nine-count indictment alleges that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) were members of the PLA’s 54th Research Institute, a component of the Chinese military. They allegedly conspired with each other to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information.

Equifax waited more than a month to alert the public to the breach; three of its executives sold stock days after the hack was detected; and on multiple occasions, its official Twitter account directed customers to a fake phishing site rather than to its own security update site.

PREVIOUS COVERAGE: Equifax Promises A New Lifetime Service, As New Leader Offers An Apology

Attorney General William Barr called the hacking a deliberate and sweeping intrusion.

"Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”

According to the indictment, the defendants spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system. Once they accessed files of interest, the conspirators then stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and exfiltrate the data from Equifax’s network to computers outside the United States. In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens.

READ MORE FROM THE DEPARTMENT OF JUSTICE HERE

Tags: Equifax  Atlanta  Georgia