In what could be the largest data breach in China’s history, a hacker claimed to have stolen the records of one billion Chinese citizens from Shanghai police.
Breach Forums, a hacker hotspot, posted the following information: “On one billion Chinese nationals and several billion case files” for sale for 10 Bitcoins or approximately $200,000.
ChinaDan was the poster who claimed that the trove of information contained “name, address and birthplace, national ID numbers, mobile numbers, all crime/case details.”
Although the post is still unconfirmed, it has attracted immense attention in China. Weibo and WeChat users expressed concern about the claims.
Reuters reported that Weibo prevented #dataleak trending on Sunday.
Breach Forums posters analysed a small sample of the data. They debated its authenticity, in large part due to the asking cost for such valuable information.
Asia Markets reported that 10 Bitcoin was “too expensive” to be used for government information.
The thread was closed by forum administrators on Sunday night. There was one offer of 6 Bitcoin at the time.
Schaefer tweeted, “Most evidently, this would be one of the largest and most serious breaches in history,” Schaefer said. “Two, China just released its Personal Information Protection Law late last year. It requires government bodies to protect citizens’ information, which, if it is MPS, has failed to do.”
Schaefer said that the records also contained details about minors’ case files, making Schaefer’s disclosure a violation to the Minor Protection Law.
She wrote, “Wouldn’t be surprised if these also contain files on celebrities and minor officials,”
One reason that the breach could have been so extensive is because the Shanghai police would have had access to a national information-sharing system. This would allow them to access more information than any regional police authority.