Credit-reporting giant Equifax believed it was the victim of a theft from Chinese spies, two years before it confessed to the 2017 data breach that impacted 143 million Americans.
According to the Wall Street Journal, Equifax approached the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) amid fears of a potentially huge trove of data containing confidential business information, not customers’ personal data.
The previously undisclosed incident had security officials fear that thousands of pages of proprietary information were taken by former employees before they were siphoned over to China.
Equifax’s then-CEO Richard Smith was briefed about the potential breach in a fall 2015 meeting with high stacks of paper across the boardroom table, the report said. These stacks were a dramatic representation of what Equifax’s security officials feared were stolen. Coincidentally, the Chinese government had asked the biggest technology firms including Alibaba and Tencent to develop a national credit-reporting system.
“At one point, Equifax grew so worried it began building a way to monitor the computer activity of all of its ethnic-Chinese employees, according to people familiar with the investigation,” the report added. “The resource-heavy project, which raised legal concerns internally, was short-lived.”
The FBI had wanted to pursue a criminal case against the Chinese government, believing the latter was responsible for the theft of hundreds of billions of dollars.
The investigation stalled, however, as concerns grew within Equifax grew about legal exposure and how intrinsic and onerous the inquiry could be into its own operations.
Questions raised by the investigation – be it Equifax’s own security shortcomings or China’s alleged cyberespionage.
Meanwhile, Equifax continues to see the fallout of a seismic data breach a year ago nearly to the day.
Image credit: Pixabay.