When Government Data Security Fails: Alleged Breach Impacts 1 Billion Chinese Citizens
The personally identifiable information (PII) of over 1 billion Chinese citizens has been compromised, according to an anonymous user of an online cybercrime forum who has attempted to sell the entire 23-terabyte database for 10 Bitcoin, equivalent to just over $200,000.
Representing 70% of the Chinese population, the records include citizens’ names, addresses, birthplaces, phone numbers, national ID numbers, and other PII stored in a database managed by the Shanghai police department. While the veracity of the breach has not been confirmed, independent news outlets like The Washington Post, The Wall Street Journal, and CNN have verified a sample of records against publicly available information from official Chinese government websites.
Hampering efforts to mitigate the impact of the breach, the Chinese government has stayed silent on the issue – censoring news of the leak and blocking related keyword searches and hashtags on the popular social media site Weibo. Critics say this stonewalling leaves hundreds of millions of citizens in the dark, unaware of the need to take active measures to safeguard their personal information.
China maintains one of the world’s largest and most sweeping surveillance and data collection systems, deploying myriad cameras, recorders, and trackers to harvest its citizens’ digital and biological data. This massive trove of data, used to monitor and control people’s speech and movements, is also a tremendous liability. If the leak is confirmed, it would be one of the largest in history and would set a grim new benchmark for a country’s information security vulnerabilities.
What lessons does this breach offer other governments and agencies around the world, including the United States? Collecting and storing colossal quantities of PII comes with even bigger legal, financial, and reputational risks. At GovDataHosting, our customers benefit from industry-leading Managed Security Compliance and Cyber Defense Services, including managed intrusion detection, incident response, and digital forensics. Don’t wait until it’s too late. Prevent and deter data breaches before they become both a headache and an international news headline.