This week, American consumers got more information about what happened to their stolen data in the 2017 Equifax (EFX) breach. Not every adult in the country, but most of them. There are probably around 245 million adults in the country, and 145 million of them had their Social Security numbers stolen.
The culprit, according to the U.S. Department of Justice was China, whose military hacked Equifax in the worst data breach in history. Attorney General William Barr said Monday that the DOJ charged four Chinese military hackers in the Equifax breach. (China has denied it was behind the hack.)
Experts don’t think China was looking to use Americans’ financial records to sell on the black market or dark web for material gain, which often happens with hackers looking to make money with stolen data.
Instead, they’re likely looking for ways to bolster their intelligence activities, by using other stolen data from Anthem and the federal government’s Office of Personnel Management in concert.
In a way, there’s a sigh of relief for the consumer — your data is probably not going to be used to apply for a credit card that will wreck your credit history. You will probably not be a victim of identity theft, though who knows, you might have a job with top secret information the Chinese intelligence services want and be at risk.
But consumers and Equifax might be a little relieved that crazy financial damages from fraud might be less likely now, consumer groups like the US Public Interest Research Groups point out that security is still critical.
“Linking the Equifax breach to state-sponsored Chinese hackers doesn't absolve the firm of its failure to adequately protect the confidential information of over 146 million consumers,” said Ed Mierzwinksi, a senior director at U.S. PIRG.
Put another way, just because a really advanced hacking department of the military of the biggest country in the world is responsible, that doesn’t mean it’s okay to use “admin” as the user name and password for sensitive information, which Equifax reportedly did.
What groups like PIRG — and the U.S. government to an extent — are trying to highlight is the importance of taking care of data in a proactive way, and that shouldn’t be forgotten, even if a very powerful foreign government is responsible.