Apple employees in China have been found to be illegally obtaining and selling users’ digital personal information, according to Chinese authorities, who claim to have unearthed one such network running its operations underground until now. As of now, a total of 22 people have been detained in connection with infringing upon users’ privacy, according to a statement released by local police in Southern Zhejiang province, reports HKFP.

Apple, China, Apple employees
Pexels / Pixabay

Apple employees caught selling personal data

Of the total, 20 are Apple employees who, with the help of internal computers, allegedly collected Apple IDs, phone numbers and names, and then sold that data for over 50 million yuan ($7.36 million). There was no mention of whether the data stolen was that of Chinese or foreign customers. Chinese authorities stated that police took suspects from four provinces: Zhejiang, Fujian, Jiangsu and Guangdong. Thereafter, police also took control of their criminal tools and rendered their entire online network inactive.

Apple has always maintained that its customers’ privacy and security are paramount. However, this recent theft does expose a loophole in the company’s system. Nevertheless, the company is doing all it can. Apple is preparing to release iOS 11 and macOS later this year and is making it mandatory for all users to enable two-factor authentication on their accounts. The company conveyed this to its customers via email, telling them that after they install the public beta of the new OS, it will automatically land them on the two-factor authentication page.

How China plans to safeguard privacy

China is one country that has often been found to be involved in the theft and sale of Apple IDs. In December, a whole new black market which collected data, including hotel checkouts, property holdings and flight history, from government and police databases was unearthed by the Southern Metropolis, notes HKFP.

Earlier this year, hackers with the Turkish Crime Family demanded ransom, claiming that they had access to millions of Apple accounts. The hackers also warned that if their demands were not met, they would wipe the data from the iPhones and iPads of those whose account information they possessed. The hackers claimed that the U.S. firm gave in to their demand, but Apple maintains that there was no breach in its servers and that the account information was obtained through third-party servers, notes Apple Insider.

Earlier this month, China implemented a controversial new cyber-security law, which it claimed would maintain its network and safeguard citizens’ private information. Under the new law, online service providers are banned from gathering and selling users’ personal information. Further, users have the right to delete their information in the event of a law violation.

“Those who violate the provisions and infringe on personal information will face hefty fines,” the official Xinhua news agency said.

According to Reuters, business groups have asked the government to postpone the implementation of the law, stating that it would affect their activities severely. Critics are also not in favor of implementing such strict laws, fearing that the technology companies would not be keen to enter China once they are implemented.