Georgia Attorney General Chris Carr: When It Comes to Fighting Cybercrime, Public-Private Sector Cooperation is Key
Friday, March 13th, 2020
I want to commend the U.S. Department of Justice and BJay Pak, Georgia’s own United States Attorney for the Northern District, for pursuing the criminals responsible for the Equifax data breach. We learned last week that DOJ is charging four members of the Chinese People’s Liberation Army with hacking into the computer systems of the credit reporting agency and stealing the personal data of nearly 145 million Americans as well as Equifax’s valuable trade secrets. It was one of the largest data breaches in history, affecting nearly five million Georgians, and the actions of DOJ and U.S. Attorney Pak send a strong message to those willing to do Georgians — and all Americans — harm.
To protect against future threats, it is critically important to have a full, coordinated analysis of what happened. In Verizon’s 2019 Data Breach Investigations Report, it is noted that 71 percent of breaches were financially motivated and 25 percent were motivated by espionage. Of those, 52 percent featured hacking attempts, 33 percent included social attacks and 28 percent involved malware.
We must remember that when cyber incidents like this occur, a crime has often been committed, a crime against individuals who have had their personal information compromised through no fault of their own and a crime against targets — companies, nonprofits, government agencies and houses of worship. The Verizon report also confirms this — 16 percent of targets were public sector entities, 15 percent were healthcare organizations, 10 percent were financial firms and 43 percent were small businesses.
Knowing who the victims and targets are, it is important to identify the criminals — state sponsored actors, hacktivists, loose confederations of hackers and lone wolves. We must go after them, stop them and learn as much as we can about how they operate. Otherwise, this will continue again and again, more lives will be disrupted and the cost will continue to rise. This is why the charges that U.S. Attorney Pak and DOJ brought are so important.
As your state attorney general, it is also my job to protect the interests of Georgians. Part of that mission may mean engaging with and investigating the target’s role in the breach. I am pleased that our office played a significant role in the Equifax investigation, obtaining a fair and appropriate settlement and ensuring substantial consumer relief. I am also proud that our efforts led to the company’s implementation of robust security measures to protect against future exposure of consumers’ private data — a model for others to follow.
I realize that in the litigious society that we live in it can be hard to come together when breaches occur, but we must enter these conversations — understanding the difference between the individuals who have had their information compromised, the targets and the criminals behind these attacks. I believe that if companies, in good faith, coordinate with our office and other appropriate law enforcement entities in the wake of a breach, we all can better protect Georgia families and businesses and hold accountable those who do harm.