Security News > 2020 > February > US charges four Chinese military members with Equifax hack
The US has charged the Chinese military with plundering Equifax in 2017.
According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.
The indictment says that the Chinese military staffers used that access to conduct reconnaissance of Equifax's online dispute portal and to obtain login credentials that could be used to further poke around in Equifax's network.
In July 2019, the Federal Trade Commission announced that Equifax had agreed to pay $675 million - up to possibly $700 million - as part of a settlement for failing to secure the huge amount of personal information stored on its network.
Finally, Equifax agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million to the Consumer Financial Protection Bureau in civil penalties.
News URL
Related news
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- US Chip Export Rule Proposes Limits to Thwart Chinese GPUs (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)
- FBI deletes Chinese PlugX malware from thousands of US computers (source)
- U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon (source)
- Chinese cyberspies use new SSH backdoor in network device hacks (source)
- Spain arrests suspected hacker of US and Spanish military agencies (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)