Pre-Data Breach, Equifax Suspected China of Spying

Pre-Data Breach, Equifax Suspected China of Spying

Before it was the victim of a massive data breach that exposed the personal information of 143 million customers, Equifax was worried that sensitive data had been stolen by Chinese spies.

Citing a source familiar with the matter, the Wall Street Journal reported that former employees were suspected of taking thousands of pages of proprietary information — including code for planned new products, human-resources files and manuals — before leaving for jobs in China. The company grew even more suspicious after the Chinese government asked eight companies to help it build a national credit-reporting system.

Equifax went to the Federal Bureau of Investigation and the Central Intelligence Agency, and the company even began looking into a way to monitor the computer activity of its Chinese employees. That project, however, was abandoned due to legal concerns.

While the FBI wanted to pursue a criminal case, Equifax pulled back due to worries about legal exposure and how difficult the investigation could become.

In a written statement, Equifax said it became aware in 2015 of “efforts by a former employee to obtain company information and launched an internal investigation into his activities.” It “brought the investigation to the attention of U.S. law enforcement authorities and cooperated with the federal agencies.”

“Although this individual had improperly obtained proprietary Equifax information,” the statement said, “the information we determined was accessed was general in nature and not material or harmful to Equifax, consumers or our business clients.” Equifax added that the company has “no evidence to suggest that consumer data or other personal information was compromised, or that this individual targeted this type of information.”

The FBI and CIA declined to comment, but one employee who left Equifax to work in China for Ant Financial called the suspicions surrounding him “a nightmare.”

Daniel Zou, who worked for Equifax in Toronto, said in a statement provided by his lawyer: “I deny that I worked with or consulted with a network of Equifax colleagues to steal Equifax code for Ant Financial or that I provided any such code to Ant Financial.”

Zou added that although he has never been contacted by Equifax or any government authorities about theft, knowing that he was suspected caused him “emotional turmoil.” He now works for Alipay Canada in Vancouver.

In another matter, Federal officials have accused a former Equifax executive of insider trading in connection with an alleged scheme centered around the data breach that compromised the personal information of nearly 150 million Americans last year.

The Securities and Exchange Commission and Department of Justice have announced separate actions against Jun Ying, a former chief information officer at the credit rating firm who allegedly unloaded nearly a million dollars’ worth of Equifax stock shortly before the company publicly disclosed the breach last September, according to authorities.

In a lawsuit in March, the SEC alleged Mr. Ying committed insider trading when he sold about 6,800 Equifax shares late last August, effectively avoiding roughly $117,000 in losses that he would have incurred had he waited until the agency’s public disclosure on Sept. 7.

“Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” Richard Best, director of the SEC’s Atlanta Regional Office, said in a statement.

A federal grand jury has separately returned criminal insider-trading charges against Mr. Ying, 42, the Justice Department announced in March.

“This defendant took advantage of his position as Equifax’s USIS Chief Information Officer and allegedly sold over.

Mary Greeley News