Shenzhen Facial Recognition Firm Remains Silent After Major Data Leak Revealed

A Shenzhen-based facial recognition company remains silent after a Dutch security researcher revealed that millions of people’s personal information on the company’s database was publicly available for months.

Experts fear that the leaking of people’s private information, used in police surveillance systems in many Chinese cities, may threaten these people’s personal or financial security.

Senior managers of SenseNets Technology Ltd. declined to comment when a Caixin reporter visited the company’s headquarters in Shenzhen, Guangdong province, late Friday.

The company’s official site www.sensenets.com was briefly inaccessible following reports about its major data leak. A source close to the company who requested anonymity told Caixin that the company has been conducting an internal investigation. The company has not issued a public statement as of publication time.

Victor Gevers, the Dutch security expert with the GDI Foundation, tweeted on Wednesday that the personal information of more than 2.5 million people – including ID card numbers and photos, addresses, employers and location in the past 24 hours – was fully accessible on SenseNets’ database to anyone, without password protection.

GDI Foundation warned the Chinese company about the problem after it discovered it in July. But the company did not reply, according to CNET, a technology news portal.

The database has already been visited by outsiders, some of whom claim to have made copies of the data, tweets by Gevers show. But the database become inaccessible as of Feb 14 and is now guarded by a firewall, Gevers wrote.

The GDI Foundation is a non-profit organization that “addresses security issues with responsible disclosures.”

SenseNets is not the first Chinese company to suffer from failure to adequately protect the huge amount of personal data in its possession. E-commerce giant JD.com, online travel service leader Ctrip as well as major telecom service providers have all been subject to major data leaks, some causing huge losses for their customers.

SenseNets was founded in 2015 by video surveillance giant NetPosa Technologies Ltd. and artificial intelligence start-up SenseTime Group Ltd. NetPosa was China’s No.1 and the world’s No.3 video surveillance system maker in 2016, according to an HIS Market report. As of the end of 2017, NetPosa claimed it had provided nearly 1.6 million surveillance systems to Chinese cities as part of the nation’s campaign to beef up public security.

SenseTime exited its 49% stake in SenseNets in July 2018 without disclosing its reasons, though the disposal occurred the same month that GDI informed SenseNets of its data breach. In October 2017, SenseTime and U.S. chipmaker Qualcomm reached a major strategic agreement to deploy SenseTime proprietary artificial intelligence algorithms on smart devices that use Qualcomm chips. Qualcomm has since invested an undisclosed amount in SenseTime as part of a $500 million funding round that valued the Chinese company at the time.

SenseNets has focused on facial recognition technology powered by artificial intelligence (AI) software. A company promotional video shows a criminal suspect being tracked by a series of surveillance cameras, with the police eventually apprehending the suspect and making an arrest.

Contact reporter Wu Gang (gangwu@caixin.com)