Federal prosecutors have charged two individuals in connection to the 2014 data breach of a major health insurance provider that exposed the personal data of tens of millions of Americans.
An indictment unsealed Thursday names Chinese national Wang Fujie, known also by the name Dennis Wang, and another individual identified only by online aliases — including “Zhou Zhihong,” “Kim Young,” and “Deniel Jack” — as part of a sophisticated Chinese hacking group responsible for the breach of Anthem and other companies. Assistant Attorney General Benczkowski called the incident “one of the worst data breaches in history.”
“These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII,” Benczkowski said in a statement.
Starting in February of 2014 and through the beginning of 2015, the indictment said, the hackers used spearfishing techniques, malware, and other means to gain access to the systems of Anthem as well as three other businesses, which were not named but were identified as being in the technology, basic materials, and communications services sectors, respectively. Anthem disclosed the breach in early 2015.
After gaining access to their systems, prosecutors claim the hackers then stole personal data that included names, social security numbers, dates of birth, telephone and email addresses, home addresses, as well as income and employment information, among other “data of interest”. After collecting this information, they allegedly then moved it “into encrypted archive files and then [sent] it through multiple computers to destinations in China.”
A federal grand jury in Indianapolis charged both individuals with four counts, including conspiracy to commit fraud and related activity in relation to computers and identity theft, conspiracy to commit wire fraud, and intentional damage to a protected computer.
“The cyber attack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans,” U.S. Attorney Minkler said in a statement. “This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice.”