The Chinese government has not commented publicly on the breach. Search terms related to it, such as “data leak,” were censored on Chinese social media.
A hacker is offering to sell a massive Shanghai police database containing sensitive information on approximately one billion Chinese citizens, including their names, addresses, dates of birth, and crime and case reports.
According to the hacker known as “ChinaDan,” the database also contains photos used in official documents and by facial recognition systems.
If the claim is true, it would be one of the largest data breaches in history, given the nature and quantity of the compromised personal data. The asking price for the database is 10 bitcoin, which at the time of publication was equivalent to approximately £169,000.
“The Shanghai National Police (SHGA) database was compromised in 2022. This database contains numerous [terabytes] of data and information about billions of Chinese citizens,” ChinaDan posted on the hacking forum Breach Forums.
“Databases contain information on one billion Chinese citizens and several billion case records, including name, address, birthplace, national ID number, mobile number, and all crime/case specifics.”
Some of the information posted as a sample appeared accurate; the Wall Street Journal and AFP contacted some of the people listed in the sample, who confirmed the sensitive personal information.
The Chinese government routinely collects a bewildering amount of data on its citizens, such as when they board trains and planes or check into hotels, and CCTV surveillance is pervasive in some areas. In 2015, Beijing police stated that “every corner” of the city was under video surveillance. Many of these cameras are capable of facial recognition.
China’s first comprehensive data privacy law was enacted in November of last year, placing stricter restrictions on what companies were permitted to do with user data and how they must store it.
However, this law governed the access of private companies to data, not government or police databases.
The magnitude of the data breach would make it one of the largest in history. Yahoo announced in 2013 that all three billion of its accounts had been hacked, which was believed to be the largest data breach in history, even though the personal information stolen was less sensitive than that in the Shanghai police leak, if the claim is true.