Caixin
Caixin Global – Latest China News & Headlines

Home >

ABOUT US

CX Tech is Caixin Global's real-time tech news portal, featuring 24-hour news, short-form analysis, and roundups from business and tech media in China.

LATEST
JD Logistics Takes Pitches from Banks for Planned Hong Kong IPO in 2021
New Rules Derail Mega Livestreaming E-Commerce Deal
Trending in China: Why Are People Queuing Eight Hours and Paying $30 for a Cup of Milk Tea?
Trending in China: Teacher Assaulting Children Raises Question About Role of Volunteers in Education
‘Look, No Hands!’ - AutoX Rolls Out China’s First Self-Driving Fleet Without Safety Drivers
U.S. Firms Deny Selling to China Military, as Washington Prepares New Blacklist
Baker Bros. Advisors Sells ADSs in BeiGene Just Months After Buying Shares
Trending in China: Sharing Students’ Grades Online – The Fine Line Between Motivation and Public Shaming
Tesla Rival Li Auto Plans New Share Sale to Bankroll R&D
Alibaba Logistics Arm Chills with Ethiopian Airlines to Transport Covid-19 Vaccines
U.S. Blacklist of Chinese Tech Firms Continues to Grow
China's Bluetooth Audio Chip King Set For $741m Shanghai IPO
U.S.-Blacklisted Hikvision Zooms in on COVID Tracking Demand
Trip.com Reports First Quarterly Profit of 2020 as Travel Recovers
Xiaomi Raises Nearly $4 Billion Through Sale of Shares and Bonds
Baidu Leads China in AI Patent Applications and Ownership
Trending in China: Now Forbidden on China’s Trains
Chinese Biopharma Firm Pegbio Nets $122m in Pre-IPO Round From YF Capital, Yingke, Others
NEV Makers Nio and Xpeng Keep Revving Up Sales, But Investor Unimpressed
Britain Bans Installation of New Huawei 5G Equipment from September 2021 in Major U-Turn
YTO Express Workers Lease Accounts to Criminals, Compromising 400,000 Users

By Huang Rong and Denise Jia / Nov 18, 2020 06:56 AM / Business & Tech

picture

picture

Five employees at a major Chinese package delivery company leased their internal employee accounts to criminal groups, compromising more than 400,000 users’ personal information.

Police in Handan, Hebei province, arrested three suspects in the criminal groups involved in the data leakage at YTO Express Group Co. The company apologized Tuesday for the leakage and said it will conduct real-time monitoring of internal accounts and actively discover illegal activities. Consequences for the five employees weren’t disclosed.

YTO said its risk control system detected two employee accounts used to check package information that were not related to the employee site, raising red flags at the company’s Shanghai headquarters. Authorities found that five YTO employees leased their accounts for 500 yuan ($76) a day to criminal groups, which then sold YTO users’ information, including names, identification card numbers, phone numbers and addresses, to domestic and overseas telemarketing fraud groups.

This was not the first data breach case involving employees at package delivery companies. In September 2019, police found that six delivery workers at Deppon Logistics Co. Ltd. stole user data and provided it to an e-commerce company. In 2018, police found that two agents at Cainiao Global, the parcel tracking platform of Alibaba Group, installed malware programs on package scanners to steal user information.

Preventing such leaks at package delivery companies requires systematic business transformation, which is difficult for most companies due to capital and technology limits, said a former delivery company employee who was in charge of data security. Many delivery companies have internal security systems, but they are far from effective in practice because many employees have access to user data, the person said.

Contact reporter Denise Jia (huijuanjia@caixin.com) and editor Bob Simison (bobsimison@caixin.com).

Support quality journalism in China. Subscribe to Caixin Global starting at $0.99.

Share this article
Open WeChat and scan the QR code