Equifax, Cybersecurity & Foreign Actors

Nicholas J Price
5 min read
Nearly every adult has some type of credit history that's recorded on one of the three consumer reporting agencies ' Equifax, Experian or TransUnion ' if not all three. As young adults transition to living on their own, it's wise to counsel them to pay close attention to their credit reports. Credit reports are a major factor when buying a car, a home or any other major purchase. It can also be important if they choose to be a renter. All three consumer reporting agencies collect and store a wealth of personal information. Since we must rely on our credit to get us through life, it's wise to build a strong credit rating and check it periodically to be sure that it's correct and that it hasn't been tampered with.

As stakeholders in the consumer credit reporting practice, we'd like to be able to take for granted that our credit and other personal information is highly protected. What's worse than news of a data breach is the news that the data breach was inflicted by a foreign actor that could threaten national security. Recent indictments over the Equifax data breach point to China's military. While the investigation has implicated four members of China's military, several questions remain. What was their motivation? What do they plan to do with the information? How much harm could the breach pose to the United States, and what form will it take?

Indictments Made Against Members of China's Military

In 2017, Equifax made major headlines when it was announced that their database had been broken into and the sensitive data of over 147 million Americans had been compromised. News of the breach sent shockwaves through the nation as people scrambled to see whether they were among the millions whose data was affected by the breach. The personal data that was stolen included social security numbers, driver's license numbers, addresses and birthdays. The defendants used 34 servers in 20 countries in this highly sophisticated break-in.

In recent months, Equifax, in collaboration with the Federal Trade Commission, agreed to compensate victims of the breach in a $700 million settlement.

The incident led to several congressional hearings. The agency's CEO, Richard Smith, voluntarily resigned and left the company with over $90 million in salary, commission and other forms of compensation. The investigation revealed that there was a known vulnerability that hadn't been properly patched for months. The incident was entirely preventable.

Recently, a federal grand jury in Atlanta sent a clear message by indicting four members of China's military on charges of hacking, theft and stealing trade secrets in connection with the Equifax breach. The Chinese nationals are part of the People's Liberation Army and the jury returned a nine-count indictment against them.

Ironically, the charges were filed on the heels of the first phase of a trade agreement between the two countries.

While there have been cyberattacks by Chinese nationals in the past, the Chinese government denies any involvement in the Equifax attack or past such attacks. In fact, a spokesperson for China's Ministry of Foreign Affairs assured the U.S. that China staunchly defends cybersecurity and that their government, military and other relevant personnel don't pursue cyber theft of trade secrets.

Equifax Breach Was Not an Isolated Incident

U.S. Attorney General William Barr clarified the proper use of data by governments by saying that governments should only collect information for legitimate national security purposes without violating the privacy of common citizens. Barr added that the intrusion by the Chinese nationals was a '...deliberate and sweeping intrusion into the private information of the American people.'

The first indictment came in May 2014, when five Chinese military officers were accused of cyber-crimes. China officials have repeatedly denied illegal activity and have warned that attempts to vilify China could harm foreign relations.

In 2017, officials reported that China had hacked the Office of Personnel Management, stealing over 20 million files. In the same year, they reported that tens of millions of records had also been stolen from the insurance company Anthem, Inc. U.S. officials also blame China for a hack on Marriott International Inc. that resulted in the theft of hundreds of millions of their records; an indictment may be forthcoming in this case.

According to The Wall Street Journal, a former employee of Equifax had stolen information that could help China develop a national credit reporting system of its own. In recent years, cyberattacks by the Chinese have also occurred in Russia, Iran and North Korea.

Determining the Motivation for the Attacks

U.S. Intelligence officials have the task of determining the hackers' motivation and what uses they may have for the information they stole. They're concerned that such large amounts of data could have value for counterintelligence and might be used to create profiles of U.S. diplomats or undercover spies. They noted that the Equifax incident equates to economic espionage. Investigators have also suggested that Chinese intelligence could use the data to monetize it, develop artificial intelligence capabilities or target packages meant for U.S. Government officials.

The Trump administration had accused China in the past of breaching a pact between the two countries not to use cyberattacks to steal trade secrets. Experts agree that there isn't strong evidence to indicate the claim of stealing trade secrets in the Equifax breach. U.S. officials are concerned that these attacks could allow China to surpass the United States as a global superpower.

What Do the Attacks Mean for American Businesses?

The type and seriousness of global cybercrime that the investigations with China have revealed should serve as a wakeup call for American businesses. If Equifax is a target, every business in America is a target.

To start at the top, how safe is your board business? With a Diligent board management software program, you are not only getting top-of-the-line software. That software comes with state-of-the-art security that is continually monitored and actively evaluated with regular penetration testing. Diligent Boards offers a fully featured program where all your communications, files and governance tools are fully integrated under one, fully secure platform. In this day and age, it's important to protect your business with the same diligence as you protect your credit report.