Security News > 2020 > February > U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

The U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans.

While the DOJ's announcement today portrays Equifax in a somewhat sympathetic light, it's important to remember that Equifax repeatedly has proven itself an extremely poor steward of the highly sensitive information that it holds on most Americans.

Equifax's actions immediately before and after its breach disclosure on Sept 7, 2017 revealed a company so inept at managing its public response that one couldn't help but wonder how it might have handled its internal affairs and security.

This is especially notable because on Sept. 12, 2017 - just five days after Equifax went public with its breach - KrebsOnSecurity broke the news that the administrative account for a separate Equifax dispute resolution portal catering to consumers in Argentina was wide open, protected by perhaps the most easy-to-guess password combination ever: "Admin/admin."

Sudhakar Reddy Bonthu, a former manager at Equifax who was contracted to help the company with its breach response, bought 86 "Put" options in Equifax stock on Sept. 1, 2017 that allowed him to profit when the company's share price dropped.

News URL

https://krebsonsecurity.com/2020/02/u-s-charges-4-chinese-military-officers-in-2017-equifax-hack/