Washington: A Chinese national was indicted on Thursday on computer hacking charges related to a campaign to breach large businesses in the United States, including a computer intrusion and data breach of Indianapolis-based health insurer Anthem Inc. (Anthem).
The US Department of Justice said in a statement that the breach affected a computer system containing data on nearly 80 million people, according to an indictment unsealed on Thursday in Indianapolis, Indiana.
Fujie Wang, 32, and John Doe, members of the hacking group operating in China, conducted intrusions into Anthem and three other American businesses, according to the four-count indictment in federal court in Indianapolis, where Anthem is based. However, it did not identify the other companies by name.
As part of this international computer hacking scheme, the indictment alleged that beginning in February 2014, Wang and Doe used sophisticated techniques to hack into the computer networks of the ‘victim businesses’ without authorization, according to the indictment. They installed malware and tools on the compromised computer systems to further compromise the computer networks of the victim businesses, after which they identified data of interest, including personally identifiable information (PII) and confidential business information, the indictment alleged.
“The allegations in the indictment unsealed today to outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” said Assistant Attorney General Benczkowski.
“These defendants allegedly attacked the US businesses operating in four distinct industry sectors and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur,” he added.
US Attorney Minkler said, “The cyber attack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans,” adding, “This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice. I would also like to thank Anthem for its timely and substantial cooperation with our investigation.”
The indictment further alleged that the defendants then collected files and other information from the compromised computers and stole this data. As part of the computer intrusion and data breach of Anthem, the defendants identified and ultimately stole data concerning approximately 78.8 million persons from Anthem’s computer network, including names, health identification numbers, dates of birth, social security numbers, addresses, telephone numbers, email addresses, employment information, and income data, it said.
Wang and Doe are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.
The indictment also alleged that the defendants accessed the computer network of Anthem without authorization for the purpose of conducting reconnaissance on Anthem’s enterprise data warehouse, a system that stores a large amount of PII, on multiple occasions in October and November 2014.
In July 2017, Anthem agreed to a USD 115 million settlement resolve litigation over a 2015 breach, which lawyers said would be the largest settlement ever for a data breach.