Posted on

If China did hack Equifax, some Americans may have more reasons to be concerned than others


MarketWatch photo illustration/iStockphoto

Federal prosecutors indicted four members of China’s People’s Liberation Army for the 2017 data breach at Equifax.

More than two years after hackers swiped the personal information of nearly 150 million Americans from Equifax computers, federal prosecutors this week charged four members of China’s army with carrying out the 2017 cyberattack on the credit bureau.

The four charged men— Wang Qian, Wu Zhiyong, Xu Ke, and Liu Lei, members of the China’s People’s Liberation Army — have not been arrested and are believed to be living in China. These also allegedly stole Equifax

EFX, -0.91%

 trade secrets like database designs, said Attorney General William Barr.

In cases such as this, hackers with personally identifiable information could typically wreak all sorts of havoc, like phishing for more financial details from those affected and/or running up a bill on a credit card, filing a false tax return to pocket the refund, opening up a line of credit or selling the valuable information to others.

But cybersecurity experts say consumers should be less worried about random charges on their credit-card bill — and more worried, as citizens, about China’s ability to gather intelligence on America’s strengths and weaknesses on a vast scale.

“When you have a nation-state attack, it’s not about the dollars, it’s more about meeting your mission,” said Larry Ponemon, founder of the Ponemon Institute, a think tank focused on cyber-security matters. “If your mission is to advance Chinese government interests, that could be more important than selling customer accounts.’

For hackers uninterested in turning a profit, small amounts of information, like intellectual property and trade secrets, could be “more valuable than large amounts of customer information,” Ponemon added.

Government employees should be vigilant

Government employees affected by the breach likely have a higher risk of having their information used against them, said Adam Segal, director of the Council on Foreign Relations’ Digital and Cyberspace Policy Program. Stolen data could be used to detect whether government workers had debts and — in the most extreme scenario — they could even be targeted to become an informant for the Chinese government, he said.

Tom Kellerman, head of cybersecurity strategy at VMWare Carbon Black, a cybersecurity provider, said people working in the technology, mining and energy sectors should also stay vigilant. He said these employees should regularly update their operating systems, be on the lookout for any suspicious links or phone calls, and always use cybersecurity software at home and at work, and on all mobile devices.

Laura DeNardis, author of “The Internet in Everything: Freedom and Security in a World with No Off Switch” and interim dean at American University’s School of Communication, said China’s alleged involvement in the Equifax breach was more about espionage than consumer issues. “Cybersecurity capability is now a chilling proxy for political power,” she said.

Whether you’re a government employee or work in the private sector, Eva Velasquez, president and CEO of the Identity Theft Resource Center, urged people to monitor their credit reports. “We should be taking the same reaction steps regardless of who the perpetrator is,” she said. “I want people to focus more on the data compromise and less on who did the compromising.”

China has denied the Equifax charges

The charges are a high-profile flashpoint for America and China, fresh off a “Phase 1” trade deal. They also mark a new, perhaps unexpected, twist for roughly half of America’s consumers, who had their data taken in the massive breach. Equifax reached a $700 million settlement last summer on a consumer class-action case but it did not admit liability in the agreement.

When attorneys unveiled the class-action settlement, Equifax CEO Mark Begor said the company hadn’t seen the stolen data on sale on the dark web — which is often where stolen data ends up — since the breach. On Monday, he called the cyber attack “an attack on U.S. consumers as well as the United States.”

China has denied the allegations. China’s foreign ministry spokesman Geng Shuang said, We firmly oppose and combat cyberattacks of any kind. China is a staunch defender of cybersecurity,” the Associated Press reported, “The Chinese government, military and relevant personnel never engage in cyber theft of trade secrets.”

Barr linked China to data breaches at the U.S. Office of Personnel Management in 2015, the Marriott

MAR, +1.00%

 hotel chain in 2018 and Anthem

ANTM, +1.21%

 health-insurance company in 2015 — “and now the wholesale theft of credit and other information from Equifax,” he added. (A Marriott International spokesman declined to comment and Anthem Inc. did not immediately respond to a request for comment.)

Equifax shares are up more than 10% since the start of the year. The Dow Jones Industrial Average

DJIA, +0.00%

  is up 2.5%, while the S&P 500

SPX, +0.17%

  is up almost 4% in that same time.

(The Associated Press contributed to this report.)

Source: – Top Stories