Walmart's China unit disciplined by Shenzhen police for breaches of cybersecurity laws

South China Morning Post
3 min read
0
In this article:

The China arm of the world's largest retailer Walmart Inc has received a warning from police in the southern tech hub of Shenzhen for breaches of cybersecurity laws, as the country tightens its grip over how data is handled by businesses.

The public security authorities in Shenzhen found 19 cybersecurity loopholes in November in the online network of Walmart's China operation, which could be susceptible to exploitation, and the company did not subsequently fix the issues in a timely manner, according to a document issued by local authorities and shown on Qichacha, a Chinese business information platform.

The Futian Branch of the Shenzhen Public Security Bureau issued an official warning to the company in late December and ordered it to rectify the problems, citing violation of the Cybersecurity Law of the People's Republic of China, the document shows.

Do you have questions about the biggest topics and trends from around the world? Get the answers with SCMP Knowledge, our new platform of curated content with explainers, FAQs, analyses and infographics brought to you by our award-winning team.

Walmart did not immediately respond to a request for comment.

The punishment comes days after China's anti-corruption agency accused Walmart Inc and its Sam's Club chain of "stupidity and shorted-sightedness" after social media users alleged that Sam's Club had removed Xinjiang-sourced products from its stores.

Sam's Club came under fire in China after users of the Weibo social media platform shared screenshots allegedly showing that products from the far-Western Chinese region of Xinjiang had been taken down from the store's online app. Sam's Club later denied claims in China that it deliberately removed Xinjiang-sourced products from its app, describing the furore as "a misunderstanding".

However, there is no indication that the Shenzhen warning is related to the Sam's Club controversy.

The Shenzhen police warning comes amid the country's intensified cybersecurity crackdown on how data is collected, stored and used by companies operating on the mainland. According to a regulation passed last year, Chinese companies are obliged to report vulnerabilities in their own software to the Ministry of Industry and Information Technology through its National Vulnerability Database website.

Last month Alibaba Group Holding's cloud computing services unit was disciplined by the internet security regulator for failing to first report to the government a severe bug in its widely-used logging software to the government agency. Alibaba is the parent company of the South China Morning Post.

China is also stepping up scrutiny of cross-border data transfers. In July the country initiated a cybersecurity review of ride-hailing giant Didi Chuxing just days after it went public in the US. It also introduced the new Data Security Law later in 2021 as the country's first regulation designed to limit how data is used and processed, raising wide-ranging implications for the way companies operate in China.

This article originally appeared in the South China Morning Post (SCMP), the most authoritative voice reporting on China and Asia for more than a century. For more SCMP stories, please explore the SCMP app or visit the SCMP's Facebook and Twitter pages. Copyright © 2022 South China Morning Post Publishers Ltd. All rights reserved.

Copyright (c) 2022. South China Morning Post Publishers Ltd. All rights reserved.

Advertisement

Recommended Stories