A Chinese national has been charged by a US federal grand jury with carrying out what it called “one of the worst data breaches in history”.
Fujie Wang, 32, stands accused – allegedly alongside other unidentified members of a cyber criminal gang – of orchestrating cyber attacks on a number of US businesses, including the health insurer Anthem.
In 2014 and 2015 the company suffered a prolonged breach in which hackers covertly harvested data about 78.8 million people, including their dates of birth, social security numbers, employment information and income data.
Around two years later, the company agreed a settlement of $115m, which remains the largest for a data breach and would only be surpassed by Yahoo’s proposed settlement package.
The attacks Wang is accused of facilitating targeted four different industry sectors, but the other affected businesses have not been named. The attackers used spear-phishing emails to dupe targets into downloading malware that would provide remote access to the computer system, the indictment claims.
It also alleges that attackers waited for months before carrying out a reconnaissance exercise to search the network for valuable data. Once the data had been exfiltrated, they then deleted certain files in order to avoid detection.
Sign up to Emerging Threats, our weekly cyber security newsletter
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” said assistant attorney general Brian A. Benczkowski.
“These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII,” he added. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”
Wang is wanted by the FBI.