The United States has accused four members of the Chinese Armed Forces of hacking the credit rating agency Equifax and stealing Americans' personal data, as well as the company's trade secrets.
Equifax agreed to pay up to $ 700 million (£ 542 million) in an agreement with U.S. regulators over the data breach, which occurred in 2017 and affected more than 140 million consumers.
The attackers stole personal information, including social security numbers, names, dates of birth, addresses, credit card numbers and driver's license numbers for Equifax customers and clients.
In an undisclosed nine-count indictment on Monday, US prosecutors alleged that Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei were members of the 54th Research Institute of the People's Liberation Army (PLA), a component of the Chinese army.
The four men are accused of conspiring to break into Equifax's computer networks, maintain unauthorized access to those computers and "steal confidential and personally identifiable information from approximately 145 million American victims".
US Attorney General William Barr said: "This was a deliberate and comprehensive intrusion into the private information of the American people.
"Today, we hold PLA hackers responsible for their criminal actions and remind the Chinese government that we have the ability to remove the blanket of anonymity from the Internet and find the hackers that the country repeatedly implements against us.
"Unfortunately, the Equifax hack fits into a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that target personally identifiable information, trade secrets and other confidential information."
Charities raided in campaign against critics in China
The prosecution revealed that the hackers tried to hide their cyber attack by routing traffic "through approximately 34 servers located in nearly 20 countries to obscure their true location" – and using encrypted channels on the Equifax network to blend in with normal network activity.
Last year, the United States accused two hackers allegedly affiliated with Beijing's top intelligence service for a cyber espionage campaign targeting networks in the U.S. and elsewhere.
Perhaps the most significant data breach in recent years by the United States has been attributed to the Chinese government.
The incident – a data breach at the U.S. Office of People Management (OPM) – was cited as one of the most notorious security breaches in recent years.
OPM had information on all federal workers in the USA, including those who work intelligently. Approximately 21.5 million information from public sector workers was stolen in the breach.
Among the stolen documents maintained by the OPM were copies of a document known as Standard Form 86, a 127-page questionnaire completed by employees seeking security clearance.
He listed all the details that American officials would collect about intelligence personnel, such as debt – that Equifax material could plausibly be used to cross-reference – to see if they were at risk of being manipulated by hostile intelligence organizations.