Yuantong ordered to address security rules after leaking clients’ data

By Chen Shasha in Shanghai Source: Global Times Published: 2020/11/25 22:13:41

Employees of YTO Express sort packages at a distribution center in southwest China's Guizhou Province on November 11. Photo: IC



Yuantong Express (YTO), one of China's largest couriers, was ordered to rectify its operations after some employees were found to have colluded with outsiders to steal and sell more than 400,000 items of clients' personal data, according to a release by Shanghai's cyberspace affairs office on Wednesday.

Official supervision and punishment of personal information leaks must be strengthened to protect personal information and improve public awareness of data security, experts noted.

A gang of seven rented accounts from several employees of YTO at a cost of 500 yuan ($76) per day, logging into the company's system to steal personal information, and then sold this data to areas with a high incidence of telecommunications fraud across the country and Southeast Asia through mobile chat apps, according to media reports on November 16.

More than 400,000 items of personal data were involved, including addresses, names and phone numbers of both senders and recipients, reports said. Each piece of information was sold for 1 yuan. 

YTO apologized for "the problems the case exposed" on November 17 and said it will improve its security and risk control systems.

"Under China's Criminal Law, the punishment for an individual who is engaged in leaking or selling personal information is clearly stipulated. But there is no clear legal stipulation about the corresponding responsibilities of the company if their employees take advantage of their duties to commit such criminal acts," Ma Dongjun, a lawyer based in Southwest China's Guizhou Province, told Global Times.

However, in such cases, the company should be liable for negligence in management. The authorities should impose administrative penalties on the responsible company, based on the seriousness of the cases, such as fines, or even cancelling business registrations, Ma said. Such measures will prompt companies to be aware of the importance of information security and increase their technological investment to protect personal data.

"From the technical side, the company lacks a safety valve to control or supervise its employees' access to important data. But as a business operator dealing with the market, it is obliged to invest in technologies to protect the information of its clients, and win the trust of clients and the market," Ma said. 

Information leaks have also been a regular issue at other Chinese delivery companies such as Express Mail Service, Shentong Express, Deppon Express and Yunda Express, according to a report by thepaper.cn on November 20. Business owners, employees at delivery outlets, couriers and staff from logistics companies are reportedly involved -



Posted in: SOCIETY

blog comments powered by Disqus