The US has blamed China for the 2017 Equifax hack as prosecutors announced hacking and espionage charges against four Chinese military officers.
Federal officials on Monday portrayed the 2017 attack on the consumer credit agency as just one part of an continuing effort by China to steal US data and intellectual property.
The personal data of almost 150m Americans were compromised in the breach, along with 1m citizens of Canada and the UK. Equifax agreed a $800m US settlement last year over the hack.
William Barr, the US attorney-general, said the attack on Equifax was a “deliberate and sweeping intrusion into the private information of the American people.
“Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens,” he added.
The attorney-general said the stolen data could be useful for Chinese efforts to develop artificial intelligence technologies and for targeting Americans in intelligence operations.
The US has stepped up its efforts to combat what it views as Chinese economic espionage and to enlist the support of American companies and institutions.
Last week, Mr Barr warned that “China’s current technological thrusts pose an unprecedented challenge to the United States”. Beijing had mounted a “technological blitzkrieg”, he said.
The Chinese embassy in Washington did not immediately return a request for comment on the charges.
The indictments are only the second time the US has charged Chinese military hackers, according to David Bowdich, deputy director of the FBI.
In 2014, the US charged members of the Chinese military with hacking and economic espionage linked to American companies including a nuclear power plant operator.
“When China violates our criminal laws and international norms, we will not tolerate it and we will hold them accountable,” said Mr Bowdich. He added that the FBI had no evidence so far that China had used stolen data the against Americans.
In the aftermath of Equifax attack, executives were hauled before Congress, the company changed its leadership, and Equifax faced a flurry of lawsuits and investigations. Insider trading convictions even emerged from the scandal after two employees were accused of trading after learning of the hack before it was made public.
Last year, the Federal Trade Commission, along with other federal and state authorities and private plaintiffs, agreed a settlement that made Equifax liable for almost $800m.
At the time, Joseph Simons, chairman of the FTC, said the company had “failed to take basic steps” that could have prevented the intrusion into Equifax’s databases.
In the FTC settlement, and the criminal indictment, the entry point for the hackers was described as an unfixed software vulnerability the US government had warned about two months prior to the attack.
Officials on Monday praised Equifax for its co-operation with their investigation.
Mark Begor, Equifax’s chief executive, said in a statement that the company was grateful for federal investigators’ efforts. “The attack on Equifax was an attack on US consumers as well as the United States,” he said.
