Security News > 2020 > February > US charges four Chinese military members with Equifax hack
The US has charged the Chinese military with plundering Equifax in 2017.
According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.
The indictment says that the Chinese military staffers used that access to conduct reconnaissance of Equifax's online dispute portal and to obtain login credentials that could be used to further poke around in Equifax's network.
In July 2019, the Federal Trade Commission announced that Equifax had agreed to pay $675 million - up to possibly $700 million - as part of a settlement for failing to secure the huge amount of personal information stored on its network.
Finally, Equifax agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million to the Consumer Financial Protection Bureau in civil penalties.
News URL
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- US govt officials’ communications compromised in recent telecom hack (source)
- Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- US arrests Scattered Spider suspect linked to telecom hacks (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US military grounds entire Osprey tiltrotor fleet over safety concerns (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- Wyden proposes bill to secure US telecoms after Salt Typhoon hacks (source)