22 People Detained in China for Allegedly Stealing, Selling iPhone User Data

(Beijing) — Police have detained 22 people in China on suspicion of selling iPhone user data for a total of 50 million yuan ($7.4 million), in what could be the first test of a toughened-up cybersecurity law.

Police in Zhejiang province’s Cangnan county, about 800 miles southeast of Beijing, said the group stole Apple IDs, names and phone numbers from the company’s internal network and then sold the information.

Of the 22 people, 20 were employees of Apple “direct sales companies” and companies doing “outsourced” services, according to a statement by police.

Police said their investigation began with their learning of the sale of Apple ID information, traded at 10 to 180 yuan apiece on the internet. The police said in the statement: “During the investigation we found Apple China employees were suspected of using illegal means to obtain Apple phone personal information and selling it online in large volume, making huge profits.” The investigation led police to nearly two dozen suspects scattered across Guangdong, Fujian and Jiangsu provinces, police said.

The 22 people have been detained since May 3, Cangnan police said on Wednesday.

Such sales would, under recent legal interpretations by the Supreme People’s Court and the state prosecutor’s office, constitute a “severe crime.” 

Under the tougher law, a “serious criminal violation” kicks in when someone is found guilty of wrongfully obtaining or profiteering from over 50 pieces of data regarding an individual’s whereabouts, phone records, credit status or personal assets.

Theft by employees can bring about even harsher penalties under the new interpretations.

Also facing harsher penalties are cases in which one is found guilty of selling information for more than 5,000 yuan. In such a case, a person may be fined up to five times their profits, depending on the circumstances, according to the interpretations. Other punitive measures, such as prison time, were not specified in the legal interpretations.

A similar case, in which two employees from a large online recruitment site are accused of smuggling out and selling résumés from the company’s database to headhunters, went on trial in Beijing on June 3. No verdict has been handed down, but prosecutors recommended six years of prison for the defendants. 

Swiping private information — including telephone numbers, addresses, employment and income data — by telecommunication company employees and hackers has become a widespread problem in China.

In one incident in August, police said a 19-year old student in Shandong province died of heart failure after she was swindled out of 10,000 yuan — the money her family had saved for her college — to scammers who had apparently accessed details of her financial aid application to the local education authority.

This article, its headline and caption have been corrected. Of the 22 people detained by police, 20 were employees of Apple “direct sales companies” in China and companies doing “outsourced” services, according to a statement by the police.

Contact reporter April Ma (fangjingma@caixin.com)