Security News > 2020 > February > US charges four Chinese military members with Equifax hack
The US has charged the Chinese military with plundering Equifax in 2017.
According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.
The indictment says that the Chinese military staffers used that access to conduct reconnaissance of Equifax's online dispute portal and to obtain login credentials that could be used to further poke around in Equifax's network.
In July 2019, the Federal Trade Commission announced that Equifax had agreed to pay $675 million - up to possibly $700 million - as part of a settlement for failing to secure the huge amount of personal information stored on its network.
Finally, Equifax agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million to the Consumer Financial Protection Bureau in civil penalties.
News URL
Related news
- US adds web and gaming giant Tencent to list of Chinese military companies (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US military grounds entire Osprey tiltrotor fleet over safety concerns (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- Wyden proposes bill to secure US telecoms after Salt Typhoon hacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- US court finds spyware maker NSO liable for WhatsApp hacks (source)