China’s Version of Paypal Lost a Huge Trove of User Data – And Didn’t Notice for Years

The online payment platform Alipay has apologized to customers after user information including names and home addresses, were stolen. The apology came a bit late—some three years after the fact.

The breach of about 20 gigabytes of user data stolen from the Chinese online giant Alibaba’s payments unit was sold to other e-commerce firms and market research companies in 2010. It wasn’t until 2012 that company officials suspected information had been stolen; in November 2013 police charged an employee in Alipay’s technical staff with stealing the information, as well as a man with another e-commerce firm who bought the data. (The going rate was reportedly 500 yuan ($82) per 30,000 items of the data haul.)

The case is just part of a larger online security problem facing Chinese companies—worrying in a country with 590 million internet users and one of the world’s largest online retail markets. Stealing and selling personal information isn’t especially lucrative, but it’s all too easy given how little Chinese companies invest in data protection. Chinese officials are trying to address the problem through more arrests and laws targeting certain industries like delivery services, but industry observers call the reforms largely piecemeal.

via China’s version of Paypal lost a huge trove of user data, and didn’t notice for years – Quartz.

———————————————-

Journal of Law & Cyber Warfare | www.jlcw.org The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare.  Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners.  The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare.  Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners. The Journal of Law & Cyber Warfare is honored by the world class caliber editorial board that is involved with the Journal. Thought leaders from forensics, law, warfare, and cyber security are on the Board. The Journal is always looking for interested thought leaders who believe they can contribute in a meaningful fashion to the development of cyber warfare scholarship.