More than a dozen Apple employees have been arrested by Chinese authorities on suspicion of selling customers' personal account information stolen from internal computer systems as part of a significant underground criminal operation, it emerged this week (7 June).
Both AFP and Chinese state media have reported that police in eastern China last month arrested 22 suspects as part of an investigation into the illicit trading, a scam believed to be worth more than 50 million yuan ($7.36 million) in total . 20 of those suspects were Apple staff, it emerged.
Initially uncovering the scheme in January 2017, state media said the suspects were working for Apple as part of outsourced "direct sales" and marketing.
The 20 Apple employees, arrested across more than four regions, were selling off the stolen data for money.
The compromised personal information reportedly included customer names, mobile numbers, Apple IDs and more. It has not yet been revealed if the stolen data was from users solely based in China, or if international customers were also impacted.
Apple did not immediately respond to a request for comment.
According to an official statement released by local police in the Zhejiang province in southern China, first reported by AFP, suspects were detained on "suspicion of infringing individuals' privacy and illegally obtaining their digital personal information."
Reports suggest that the trading of stolen personal information is relatively common in the region, however a fresh new cybersecurity law – enacted on 1 June – has been designed to change that.
Like the EU's upcoming GDPR, it promises to levy huge fines on firms which fail to protect data.
Yet according to the Financial Times, technology giants and large businesses operating in China believe the cybersecurity law could give domestic firms an unfair competitive advantage and could even be exploited to help officials steal trade secrets from foreign companies.
"The law is both extremely vague and exceptionally wide in scope, potentially putting companies at risk of regulatory enforcement that is not related to cybersecurity," Carly Ramsey, associate director at Control Risks, a risk management firm, told FT at the time.
It's not the first case of Apple employees being caught in a privacy scandal. Last year, four staffers in Australia were fired after being accused of sharing nude images from customers' phones and rating them out of 10. Apple later claimed it found "'no evidence" photos were inappropriately transferred.
You may be interested in:
- First completely driverless cars to hit roads by next year
- What happened to Anonymous? Experts say they're 'script kiddies who barely understand hacking'
- Twitter hilariously edits Comey's prepared statement released ahead of Senate intelligence hearing
- Apple employees caught 'selling customers' personal data' on Chinese black market