The four alleged hackers—Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei—allegedly used a vulnerability in web software on an Equifax server to enter the company’s network and then spent months probing the network and databases, surreptitiously smuggling information out of Equifax’s systems. They allegedly routed traffic through dozens of different servers across the world, covering their tracks and regularly deleting evidence of their work in order to evade detection.
“In short, this was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” Attorney General William Barr said in a statement.
Last year, Equifax agreed to pay $700 million to settle federal and state probes into the breach, although it’s possible that individuals who file claims in the settlement may only see a few dollars each.
Chinese officials have previously been accused in other high-profile hacks, with Barr pointing in his statement to alleged Chinese involvement in recent breaches at the U.S. Office of Personnel Management, health insurer Anthem, and the Marriott hotel chain.
“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence targeting packages,” he said.