Chinese Military Charged With 2017 Equifax Hacking
Chinese military personnel were charged with hacking Equifax in 2017 and stealing personal data, DOJ announced Monday. A federal grand jury charged four members of the Chinese People’s Liberation Army with conspiring to steal data from some 145 million Americans during a three-month hacking. Attorney General William Barr said this economic espionage “fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.” Equifax CEO Mark Begor thanked DOJ for treating state-sponsored cybercrime with the “seriousness” it deserves: “Combating this challenge from well-financed nation-state actors that operate outside the rule of law is increasingly difficult. Fighting this cyberwar will require the type of open cooperation and partnership between government, law enforcement and private business that we have experienced firsthand.” The indictment doesn’t excuse Equifax deficiencies that enabled the breach, Senate Intelligence Committee Vice Chair Mark Warner, D-Va., said: “A company in the business of collecting and retaining massive amounts of Americans’ sensitive personal information must act with the utmost care -- and face any consequences that arise from that failure.” He urged support for his data broker legislation with Sen. Elizabeth Warren, D-Mass. (see 1905070066). The Chinese Embassy didn't comment. Sen. Ron Wyden, D-Ore., echoed Warner, saying companies become “irresistible targets” when cutting corners on security. He urged support for his Mind Your Own Business Act (see 1910170035). The indictments show a need for secure infrastructure, not “onerous privacy regulations,” Information Technology and Innovation Foundation Vice President Daniel Castro said Monday: “The ongoing debate about consumer data privacy has been muddled and misguided from the outset -- focusing the blame on corporate victims rather than on the perpetrators of state-directed cyber espionage.”