Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the U.S. Justice Department said Monday, blaming Beijing for one of the largest hacks in history.
The 2017 breach affected roughly 145 million Americans, with the hackers successfully stealing names, Social Security numbers and other personal information stored in the company’s databases.
The four — members of the People’s Liberation Army (PLA), an arm of the Chinese military — are also accused of stealing the company’s trade secrets, law enforcement officials said. They were identified in a news release as Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei.
The case comes as the Trump administration has warned against what it sees as the growing political and economic influence of China, and efforts by Beijing to collect data on Americans and steal scientific research and innovation.
“This was a deliberate and sweeping intrusion into the private information of the American people,” Attorney General William Barr said in a statement.
“Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us,” he said.
The case is one of several the U.S. Justice Department has brought over the years against members of the PLA. The Obama administration in 2014 charged five Chinese military hackers with breaking into the networks of major American corporations to siphon trade secrets.
The criminal charges were filed in federal court in Atlanta, where the company is based.
The indictment, which details efforts the hackers took to cover their tracks, includes charges of conspiracy to commit computer fraud, conspiracy to commit economic espionage and conspiracy to commit wire fraud.
The indictment also alleges that the hackers “obtained personally identifiable information belonging to nearly a million citizens of the United Kingdom and Canada.” It did not provide a breakdown, but weeks after the breach, Equifax estimated the number of customers affected at around 700,000 in the United Kingdom and nearly 20,000 in Canada.
The hackers spent weeks in the Equifax system, breaking into computer networks, stealing company secrets and personal data, Barr said.
They routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location.
Equifax was criticized soon after the hack for not acting on earlier warnings of vulnerabilities, but on Monday government officials credited the company with aiding the investigation.