This summer's 143-million record data breach at credit reference agency Equifax was the work of Chinese intelligence and bears similarities to the September 2015 attack on the US Office of Personnel Management - at least according to some of the investigators, speaking under anonymity to Bloomberg.
According to the newswire, the attack on Equifax was launched within a week of the security flaw - and patch - of the Apache Struts web application framework being disclosed.
Bloomberg's research suggests that once Equifax had been penetrated, the 'entry crew' handed off to more sophisticated hackers who not only drained Equifax's database of every last element of private data, but set up more than 30 separate entry points into Equifax's systems.
"The hackers were finally discovered on July 29, but were so deeply embedded that the company was forced to take a consumer complaint portal offline for 11 days while the security team found and closed the backdoors the intruders had set up," according to Bloomberg, which claims to have reconstructed the attack via interviews with people involved in the investigations being conducted by both Equifax and the FBI.
It suggests that the attack coincided with a dispute between Equifax and Mandiant, one of its security partners brought in to help deal with a different security problem, just as the attack was getting underway. Equifax accused Mandiant of using the classic consulting sales trick of using the A-team to sell its services and sending in the B-team after the contract was signed.
This dispute led Equifax to ignore the initial results of Mandiant's work, which indicated "unpatched systems and misconfigured security policies" - although these claims might equally indicate backside covering on the part of Mandiant.
The attackers, though, weren't slow to take advantage of Equifax's security shortcomings. "According to an internal analysis of the attack, the hackers had time to customise their tools to more efficiently exploit Equifax's software, and to query and analyse dozens of databases to decide which held the most valuable data."
And, despite investing a lot of money in intrusion detection software and a cyber security team, both were "compromised by poor implementation and the departure of key personnel in recent years", it adds.
Furthermore, while the finger of blame has been pointed at China, the attackers did not necessarily use tools that unambiguously pointed in that direction. "One of the tools used by the hackers - China Chopper - has a Chinese-language interface, but is also in use outside China," added Bloomberg.
It also noted that staff appeared to have overly easy access to personal data, according to former vice president of data quality Steve VanWieren, who left five years ago, although the company says that there is no evidence of insider involvement.