Huge companies like Apple might be using the latest technologies to protect user data, however, while smart technologies can be manipulated, adjusted and improved quickly, such giant organizations have one big vulnerability – it is their employees, suppliers, and organizations that the giant company outsources work to. According to Chinese authorities, a massive underground data theft operation has been uncovered. The police already arrested 22 suspects, part of them being company’s suppliers or employees of companies Apple outsources work to. Some sources said that the data thieves were official Apple employees, although these statements were later denied.
It appears that scammers were using company’s own internal computer system to collect personal information about Apple customers, including full names, Apple IDs, phone numbers, and other data stored by the company. The police did not disclose whether passwords or credit card details were stolen as well. At the moment, it is still obscure whether the leaked data described Chinese individuals or includes information about foreign customers as well. Even if it affected Chinese people only, the number of affected users would be extremely high, because China is Apple’s second largest market. Sources report that the data stolen was sold to Chinese black market vendors for between 10 to 180 yuan (approximately $1.47-$25.50) per data point. It is estimated that criminals earned around 50 million yuan (about 7.36 million US dollars). What is also unknown is how much data was stolen by the organized crime group.
Chinese authorities have been investigating the case for months, collecting pieces of data to prove the criminal activity of the suspects. The investigation started in January 2017. As a result, research findings allowed officers to carry out arrests in several China’s provinces, including Jiangsu, Fujian, Guangdong, and Zhejiang. Officers also confiscated suspects’ computers, credit cards, and phones.
According to Hong Kong Free Press, the sale of personal information in China’s underground world is a common thing. However, on June 1st the country introduced a new cybersecurity law that mandates strict data surveillance and storage for China’s companies and organizations. The new law promises hefty fines for those who infringe the law; therefore, it is believed that the law will ease the process of punishing companies that misuse user data. At the moment, people are waiting for Apple’s official comment on what kind of data was stolen and what actions do the company plan to take in order to prevent such data thefts in the future.