Briefing: US charges 2 Chinese nationals for 2014 data breach
May 10, 2019
What happened: The US Justice Department charged two Chinese nationals over the 2014 hack of an American insurance company and three other unnamed US businesses in tech, raw materials, and communication services sectors. The indictment was unsealed on Thursday and named one individual, Wang Fujie, 32, from Shenzhen. The second accused remained anonymous under the pseudonym John Doe. The pair was charged with targeting employees of an Anthem subsidiary using spear-phishing emails and obtaining, within about a year, more than 80 million customer records and employee Social Security numbers, birth dates, addresses, email, and employment and income information, including information belonging to the CEO.
Why it’s important: The indictment called the attack “a brazen China-based computer hacking group that committed one of the worst data breaches in history.” It is the latest in a series of attempts by the US judiciary to crack down on trade secrets and personal data theft by China. Because Anthem’s data never appeared on the internet, security professionals speculate that it was stockpiled, potentially by the Chinese government. However, in the Anthem case, neither the Justice Department nor the security firms hired to investigate the breach could directly link the hackers to a state or military agency in China.