Chinese National Indicted For Anthem’s 2015 Massive Data Breach
The U.S. Department of Justice State Prosecutors found probable cause to charge 32-year-old Fujie Wang, a Chinese national, as allegedly responsible for the data breach at Anthem, a health insurance firm, four years ago in 2015. The incident resulted in Anthem losing control of at least 78.8 million records. Accused of being a member of a Chinese hacking syndicate, Wang is now facing four cases of:
- Intentional damage to a Protected Computer
- Conspiracy to Commit Wire Fraud
- Conspiracy to Commit Fraud
- And other Related Activity in Connection with Computers
In 2015, Anthem confirmed that 78.8 million of its customers had their information stolen, including their full names, birth dates, addresses, employment information and corresponding income data, medical information and social security numbers. Aside from Wang, the other suspects, still at large at the time of this writing, were using the online aliases Zhou Zhihong, Kim Young and Deniel Jack.
Before Wang was arrested, the Federal Bureau of Investigation posted a wanted notification to inform the public that the authorities were looking for him.
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their personal identifiable information,” explained Brian Benczkowski, U.S. Assistant Attorney General.
Unlike a typical breach, where an attacker takes the information stored in the target company’s website, cloud storage or server in a one-time, big-time event, Wang’s team was very deliberate with the infiltration, using stealthy techniques. The DOJ's indictment decision coincides with the current trade negotiations between China and the United States, which are held in hopes of easing, if not ending, the current trade war between the world's two top economies.
Aside from Anthem, Wang is also facing charges for infiltrating three more businesses, which the DOJ has refused to name but hinted were from the communication, technology and basic industrial material sectors respectively. Anthem was also lax when it came to training its employees on cybersecurity topics such as anti-phishing techniques, which minimize the chance of them falling for online frauds and scams. The primary suspected cause of the infiltration of Anthem’s system was an employee with privileged access who opened a malicious email; through a clever social engineering method, the contents of the email convinced the user to open a phishing link or an attachment containing a malware dropper.
On October 20, 2018, hackercombat.com broke the story about Anthem’s decision to pay its affected stakeholders $16 million as a settlement for the data breach episode. It was labeled as the “biggest sum gathered by the government in a healthcare data breach”. This was the result of Anthem’s verification of its own systems, and most of the amount will pay for the credit monitoring and identity theft protection of all its affected customers.