U.S. Charges Chinese Military Officers in Massive Equifax Hack

Four members of China's People's Liberation Army were charged with masterminding the 2017 Equifax data breach that compromised the personal information of approximately 145 million Americans, prosecutors announced on February 10, 2020.

The indicted individuals—Wu Zhiyong, Wang Qian, Xu Ke, and Lieu Lei—all members of the PLA's 54th Research Institute—were accused of exploiting a known vulnerability in Apache Struts software that powered Equifax's dispute resolution portal. Through this entry point, the attackers gained persistent access to the company's network and maintained their presence undetected for nearly three months.

Hackers first penetrated Equifax's systems no later than May 13, 2017, and continued stealing data through July 30, 2017. During that window, they conducted approximately 9,000 search queries across Equifax's databases, extracting Social Security numbers, driver's license numbers, and passport photos belonging to millions of Americans. The breach also exposed Equifax trade secrets, including proprietary methods for assembling and storing data.

To avoid detection, the attackers employed sophisticated techniques. They routed stolen data through roughly 34 servers spanning approximately 20 countries, encrypted their communications, and systematically deleted logs on a daily basis. This methodical approach allowed them to operate within Equifax's network for weeks without triggering alarms.

U.S. Attorney General William Barr described the theft as staggering in scale. "This was one of the largest data breaches in history," Barr said, characterizing the attack as part of a broader pattern of state-sponsored Chinese intrusions targeting American companies and institutions.