Receive our daily newsletter

DOJ Charges Chinese Military Personnel with Stealing Consumer Information from Equifax's picture
Commentary by Keith Gerver

The DOJ charged four members of the Chinese People's Liberation Army ("PLA") with breaking into Equifax's protected computers and stealing approximately 145 million Americans' personal information. The DOJ alleged that the PLA members also collected the sensitive information of nearly one million citizens in the United Kingdom and Canada.

According to the criminal indictment, Equifax holds a "colossal" repository of sensitive personally identifiable information that it sells to businesses responsible for assessing an individual's creditworthiness. Between May 13, 2017 and July 30, 2017, the DOJ stated, the four PLA members conspired to hack into Equifax's protected computers to steal this data. Specifically, the DOJ alleged that the PLA members:

  • stole (i) log in credentials, (ii) sensitive information stored on Equifax's databases and (iii) protected trade secrets;

  • uploaded multiple unauthorized web shells to the Equifax web servers and conducted reconnaissance of Equifax's online dispute portal;

  • conducted a series of queries to search for sensitive information on the Equifax databases and then divided the large data files of stolen information into "more manageable" files for transmission;

  • used approximately 34 servers based in 20 countries to (i) hide the origin and location of the PLA members' internet traffic and (ii) avoid detection;

  • disguised their (i) unauthorized access to Equifax's online dispute portal and (ii) exfiltration of sensitive information by using encrypted communication channels that were already in existence on Equifax's network; and

  • wiped log files on a daily basis and deleted compressed files following the exfiltration of sensitive data in order to further avoid detection.

As a result, the PLA members allegedly obtained (i) approximately 145 million Americans' names, birth dates and social security numbers, (ii) at least 10 million Americans' driver's license numbers and (iii) roughly 200,000 Americans' credit card numbers.


Indicting members of foreign intelligence services with little expectation of actual prosecution is best seen as a signaling tool - by exposing the operation and individuals involved, the U.S. intelligence community sends the message that such methods will not work in the future. The indictments also are a reminder that the kind of credit reporting information maintained by Equifax is particularly valuable to foreign intelligence services, which hope to use it (possibly in combination with other information) to identify individuals who may be susceptible to foreign influence and exploitation. In addition to being a cybersecurity issue, concern regarding access by foreign persons to sensitive personal data, especially of Americans with national security, intelligence, or homeland security responsibilities, is reflected in the expansion of the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) to include investments by foreigners in U.S. businesses that maintain such data.

Email me about this

Related Articles

Premium Content

Available only to Cabinet Premium subscribers.



Data Protection
Affected Jurisdiction: