In 2017, the United States saw one of the biggest thefts of personal data in its history when Chinese hackers stole information of 145 million Americans. The data included their names, addresses, Social Security Number (SSN) and their driver’s license numbers from Equifax credit reporting agency. The theft was the latest attempt by China to aggressively collect intelligence from another country and invade the privacy of millions of Americans.
According to Attorney General William Bar, this theft had incurred a major financial loss to Equifax and this staggering scale of the breach also imposed cost and burden of protection against identity theft on the people.
The US has long suspected China of trying to crack holes amongst numerous American corporations that include hotel chains to health insurance companies. Trump’s administration has been increasingly skeptical of China and the surveillance risks it poses, despite a trade pact being in place between the two countries. Huawei, a leading Chinese global provider of communication technology, infrastructure, and smart devices are in the race to be a part of new, high-speed 5G wireless network and in the wake of this insight, the US government is fearful about the cybersecurity of its citizens.
The theft confirms fears of US officials that the Chinese government is trying to collect as much information about Americans as they can.
The problem with identity theft and access to personal information is that it can be exploited by the one holding it. China can target anyone from the government officials to the common man through this information and come to know the weaknesses that can be used further for exploitation and blackmail.
The hackers named Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, have been identified as members of the Chinese People’s Liberation Army’s 54th Research Institute. This arm of the Chinese military was accused of a series of invasion into American Organizations back in 2014.
According to the prosecutors, the hackers ran almost 9,000 SQL queries on Equifax’s system and created an archive which contained 49 directories that were later split into smaller silos of data and downloaded from the Equifax system to a Dutch server. The data was accessed by obtaining log-in credentials of the system and the use of the Dutch server was an attempt to cover the tracks. The hackers were also smart enough to remove log files at intervals during the duration of the theft and routed traffic through multiple servers.
Besides the personal information theft, the hackers also obtained company’s sensitive information such as confidential trade information and their database designs. Equifax happens to be one of the three biggest consumer credit reporting agencies and is headquartered in Atlanta. It collects consumer data and sells it to businesses for the purpose of assessing the creditworthiness of individuals.
As of today, the hackers are not in custody and even though both countries have agreed to not indulge in spying on each other, it is clear that China has not kept its word.
One of the reasons, hackers were able to access data easily was because Equifax’s computer systems were not updated. Even though the company’s stock recovered, its reputation, unfortunately, hasn’t. Equifax reached a $700 million settlement over the data theft, last year and will start to pay the claims soon.