Apple employees in China allegedly sold customers’ personal data for $7.36M

Why it matters to you

If you’re traveling to China, you might want to take some precautions to secure your digital data.

The friendly clerks at your local Apple Store are the last people you’d expect to steal your data, but that’s allegedly just what happened in China. According to AFP, an underground network of 22 people — 20 of whom were Apple employees — is suspected of surreptitiously gathered user’s names, phone numbers, Apple IDs, and other data, and selling them in exchange for a collective 50 million yuan ($7.36 million).

The suspects, who stand accused by the Chinese government of infringing individuals’ privacy and illegally obtaining personal information, used Apple’s internal computer system to scrape information they later sold. Employees in the company’s marketing and outsourcing arms auctioned it piecemeal for between 10 ($1.50) and 80 yuan ($26.50), and coordinated with co-conspirators in China’s Guangdong, Jiangsu, Zhejiang, and Fujian provinces.

Chinese authorities seized “criminal tools” and dismantled the operation’s online network over the weekend, after a monthslong investigation. The sale of personal information became a criminal offense in China on June 1, as part of a controversial cybersecurity bill aimed at protecting the country’s networks.

It appears to be the first documented case of an Apple employee assisting in data theft. But in China, AFP reports that the sale of personal information is relatively common, where citizens use a personal ID card that can be compromised.

In a report published in The Southern Metropolis Daily, Chinese reporters were able to trace a colleague’s whereabouts for 700 yuan, or $100 — including a full list of hotel rooms checked into, airline flights taken, internet cafes visited, border entries and exits, apartment rentals, and real estate holdings. In a subsequent report, they were able to purchase data to find another colleague’s location in real time via his smartphone, and see information about his bank transactions, driving infractions, train journeys, and even who he stayed with during each hotel visit.

According to the Washington Post, personal data on Chinese citizens can be purchased from hundreds of tracking services advertised on the country’s digital platforms. It’s collected in hacks — and in some cases purchases from police and authorities — of national police databases, government filings, banks records, and mobile carrier contracts.

The revelations come as China prepares to deploy an ambitious, centralized “social credit” system that issues a score based on a person’s “trustworthiness.” A trial of the system in Shanghai, called Honest Shanghai, draws from more than 3,000 individual items collected from nearly 100 government entities to determine an individual’s public score –“very good,” “good,” or “very bad.” Good scores earn rewards like discounted airline tickets, and bad scores could one day lead to problems getting loans and seats on planes.