Chinese Hackers Exploit Gaps in US Intelligence Sharing, Senator Says

Katrina Manson, Bloomberg News

Senator Ron Wyden, a Democrat from Oregon, speaks during a Senate Commerce, Science and Transportation Committee hearing in Washington, D.C., U.S., on Wednesday, March 23, 2022. The hearing is titled "Developing Next Generation Technology for Innovation." , Bloomberg

(Bloomberg) -- Chinese hackers are more easily able to steal personal data because of a lack of intelligence sharing between US spy agencies and the Federal Trade Commission, a member of the Senate Select Committee on Intelligence has warned.

Senator Ron Wyden, an Oregon Democrat, said Tuesday in a letter written jointly to Lina Khan, FTC chair, and Avril Haines, director of national intelligence, that “the intelligence community is sharing very little information” with the FTC, especially about personal information or employees that China is likely to target for cyber-espionage purposes.

Such data categories could include information about Americans’ health, DNA, location data, facial recognition and workplaces, according to Wyden’s office. If the US intelligence community shared such information, it would help the FTC better protect the information and hold accountable companies and government agencies whose “negligent cybersecurity has resulted in the theft of their customers’ personal data,” Wyden said.

“With this information, the FTC could then identify the companies that hold such data, scrutinize their security and, if it is found lacking, force the firms to shore up their security before they are hacked,” Wyden said.

The FTC could also draft new rules that organizations would have to follow to better protect such high-risk data, and impose fines in cases where companies fail to live up to such standards due to cybersecurity weaknesses, according to an aide in Wyden’s office.

Suspected Chinese hackers have conducted a number of breaches that resulted in the theft of Americans’ personal data, Wyden said. US officials previously alleged that Chinese hackers were behind a 2015 breach at Anthem Inc. health insurance, resulting in the theft of data about 78 million people. Alleged Chinese hackers also breached Equifax Inc. in 2017, gathering data about 145 million Americans, according to the Justice Department, and reportedly breached the Marriott International Inc. hotel chain to steal information about 500 million people in 2018.

Liu Pengyu, spokesperson for China’s embassy in Washington, said the accusations against the Chinese government were "groundless." He accused the US of conducting its own cyber-espionage. "We hope that the US side will first of all strengthen its own constraints on cyber security," he said.

The senator called for the DNI to expand its cooperation with the FTC and invite FTC staff to classified briefings. Wyden also said the FTC should request more high-level security clearances so that Khan and several others can access more sensitive information, in order for the regulator to help protect Americans’ private data from future hacking campaigns.

For years, US national security officials have warned of risks to Americans’ personal data.

“If you are an American adult, it is more likely than not that China has stolen your personal data,” FBI Director Christopher Wray testified to Congress in 2020.

The FTC declined to comment on the contents of the letter.

“The threat posed to Americans’ data by the Chinese government is serious and dangerous,” said FTC spokesperson Douglas Farrar. “The FTC continues to make it a priority to identify appropriate tools and remedies to protect this sensitive and important data.”

The Office of the Director of National Intelligence declined to comment.

(Updated to include a comment from a Chinese government representative in the seventh paragraph.)