Security News > 2020 > February > US charges four Chinese military members with Equifax hack
The US has charged the Chinese military with plundering Equifax in 2017.
According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.
The indictment says that the Chinese military staffers used that access to conduct reconnaissance of Equifax's online dispute portal and to obtain login credentials that could be used to further poke around in Equifax's network.
In July 2019, the Federal Trade Commission announced that Equifax had agreed to pay $675 million - up to possibly $700 million - as part of a settlement for failing to secure the huge amount of personal information stored on its network.
Finally, Equifax agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million to the Consumer Financial Protection Bureau in civil penalties.
News URL
Related news
- Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks (source)
- US charges Chinese nationals with cyber-spying on pretty much everyone for Beijing (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack (source)
- US senator wants to put the brakes on Chinese EVs (source)