Data security can be said to be a hot topic in recent years, especially with the rapid development of information security technologies such as big data and artificial intelligence, the situation of data security and privacy protection is becoming increasingly severe. The network boundary has been broken, data security issues are increasing day by day, and we are also facing increasingly severe tests. The data leakage incidents in 2023 are still at a high incidence rate.
Ming Dynasty Wangda summarized major data security and personal information leakage events and cases that occurred in China in 2023, for everyone to read.
4.5 billion domestic express information leaked
On February 12, it was revealed that a Telegram query robot had leaked 4.5 billion pieces of personal information domestically. The latest data is approximately from 2022, mainly from various express platforms and shopping websites such as Taobao and JD.com, including users' real names, phone numbers, and addresses. According to the navicat screenshot provided by the robot administrator, the leaked data exceeded 4.5 billion, with a database size of 435.35GB, almost covering the express information of all users across the country.
Illegal sale of 10,000 employee resumes,A man was sentenced for the crime of infringing on citizens' personal information
On April 11, the People's Court of Shunyi District, Beijing City, publicly tried a case of illegal sale of employee resumes. It is learned that Yu and Sun worked together at a human resources company in Beijing from June 29, 2022, to July 15, 2022. Yu used Sun's account to download more than 13,000 resumes containing personal information from the company's recruitment system, and obtained illegal profits of 16,400 yuan by selling some of the resumes to others.
Inadequate data protection leads to hospital data leakage, both the hospital and the third-party technical company were fined
In June, the Hengyang Internet Information Office issued the first penalty notice in the field of data security. A hospital in Hengnan County failed to fulfill its obligations to protect data security, resulting in the leakage of some data, violating Article 29 of the Data Security Law of the People's Republic of China. Under the guidance of the provincial and municipal Internet Information Offices, the Hengnan Internet Information Office ordered the hospital to make corrections, gave a warning, and imposed an administrative penalty of 50,000 yuan. At the same time, a fine of 12,000 yuan was imposed on the third-party technical company and relevant responsible persons.
On June 20th, according to the administrative punishment information released by the Fuzhou Branch of the People's Bank of China, the Fujian Branch of the Bank of China was warned for its violations of the
A large amount of data leakage occurred in a certain university in Nanchang, and the local police imposed a fine of 850,000 yuan
In August, more than 30,000 personal information data of teachers and students in a certain university in Nanchang were publicly sold on the internet in foreign countries. After investigation, it was found that the university had not established a complete data security management system in the process of data processing activities, had not taken technical measures to ensure data security, and had not fulfilled the obligations of data security protection, leading to the illegal intrusion of hackers into the database storing more than 30 million pieces of information such as staff information, student information, and payment information. More than 30,000 pieces of sensitive personal information data of teachers and students were illegally sold. The Nanchang public security cyber police department ordered the school to make corrections, gave a warning, and imposed a fine of 800,000 yuan, and imposed a fine of 50,000 yuan on the main responsible person.
A government information system service company in Shanghai was administratively punished for leaking citizen personal information
On September 15th, the Shanghai Internet Information Office announced a case of administrative punishment. A certain government information system technology contractor in Shanghai violated regulations by placing government data on the internet during the test period, and there were high-risk vulnerabilities in the related storage endpoints, leading to the leakage of a large amount of citizen data, and it became an entry point for overseas illegal elements to steal government data. The personal information of related citizens was disclosed and sold on overseas hacker forums. The Shanghai Internet Information Office has coordinated relevant departments to require the company to immediately take down government website pages, close related cloud service ports, cooperate in network asset inspections, and impose administrative punishment on the company.
In September, the public security cyber police department of Jiangsu Taizhou discovered that the
The case of a medical testing institution in Suqian not fulfilling its data security protection obligations
In September, the public security cyber security department of Suqian City, Jiangsu Province, found during the inspection of a local medical testing institution that the information platform for medical testing operated by the institution had SQL injection vulnerabilities, weak passwords, and other network security risks, and had not established a data security management system, organized data security training, taken technical measures to ensure data security, or conducted risk monitoring and regular risk assessment of data processing activities. This could lead to the leakage of sensitive business data and was suspected of not fulfilling the data security protection obligations. According to Article 45 of the Data Security Law, the institution was administratively warned and fined 100,000 yuan.
The related database of the APP was exposed on the public network, and the Hangzhou technology company was fined 50,000 yuan
According to the clues transferred by the National Internet Information Office, the Zhejiang Provincial Internet Information Office has launched a filing investigation into the issue of the Hangzhou technology company not fulfilling its data security protection obligations. In October, after investigation, it was found that a related database service port of a certain life-style APP under the company was directly exposed to the Internet environment, there was an unauthorized access vulnerability, and the company did not fulfill the data security protection obligations as required, violating Article 27 of the Data Security Law. The Zhejiang Provincial Internet Information Office imposed a fine of 50,000 yuan on the company.
The traffic administration '12123' information system was infiltrated by 'scalpers', with hundreds of illegal operations
In October, the Jiangyin District Procuratorate of Wuxi City handled a case of destruction of computer information system. All ten suspects were second-hand car 'scalpers' who, through illegal means, infiltrated the traffic administration '12123' system, and illegally handled hundreds of business services such as changing phone numbers, replacing driving licenses, and replacing license plates for second-hand cars that could not be transferred normally. This has seriously violated national regulations, infringed upon personal privacy rights and information security, and was sentenced for illegal intrusion into a computer information system and destruction of a computer information system.
Conclusion
For enterprises, data is an important asset, including customer information, financial data, strategic planning and other important information. Once these sensitive data are leaked or tampered with, it will cause huge losses to the enterprise.
According to the experts of Ming Dynasty Data Security, currently, corporate data faces both internal risks and external attacks. Internally, the improper behavior of employees may lead to data leakage, such as the leakage of account passwords and unauthorized downloading of sensitive data. In addition, the improper operation of employees may also lead to data damage or loss, such as the permanent loss of data due to operations such as incorrect deletion of data or formatting the hard disk.
From the outside, hacker attacks are one of the main threats that enterprises face. Hackers can infiltrate corporate network systems through various means to obtain confidential information or disrupt the operation of the enterprise. In addition, malicious software such as viruses and ransomware are also common threats to enterprises. These malicious software can be spread through email attachments, unsafe websites, and other means. Once infected with the corporate system, it may lead to data damage, leakage, or encryption of data.
评论已关闭