China’s top spy and counterintelligence agency said it has cracked the case of a Chinese company that helped a foreign client collect data on Chinese railways and arrested those responsible for leaking the information. It is the first known case since September 2021, when Beijing’s Data Security Law went into effect, in which the collected data was identified as intelligence.
The Ministry of State Security (MSS) made the statement in a social media post on Monday, warning Chinese companies and individuals to “keep strict control over data security” and be vigilant against foreign intelligence agencies trying to steal critical data from China.
According to the ministry, an unnamed Chinese information technology company received a commercial contract in late 2020 to collect electronic signal data along China’s vast railway networks from a foreign company that presented itself as a market researcher before entering the Chinese railway market to provide technical support services.
Due to Covid restrictions imposed by Beijing, the foreign company, which could not send its staff to China, outsourced the work to Chinese suppliers, the ministry explained. It added that it found that the foreign company had several clients, including foreign intelligence agencies, military and defense units, and government departments.
The Chinese company said it was aware that the foreign company might have “ulterior motives,” but, lured by a lucrative contract, decided to go ahead. It purchased and installed equipment as per the foreign party’s contract requirements, collected data at fixed locations, and conducted mobile testing and data collection in multiple cities and on high-speed rail lines as specified by the foreign client.
According to the MSS, the project collected 500 gigabytes of data in one month, including signals from Internet of Things transmissions, cellular and railway communications, and confidential networks. This data was later identified by authorities as “intelligence information” because it was directly related to the safe operation of the railways, and its collection was expressly prohibited by the Data Security Act.
The ministry said those responsible were arrested on suspicion of spying for foreign forces and illegally providing intelligence, and were sentenced to several years in prison, although it did not give further details about the case.
The MSS said it is working to “resolutely build a barrier to maintain data security,” strictly guarding against major data-related risks and challenges, and “severely cracking down” on foreign cyberattacks, data theft and other illegal acts that endanger critical information infrastructure.
The statement also called on the Chinese public to protect important national data and sensitive personal data in work and life, and to guard against foreign intelligence agencies trying to steal China’s “key sensitive data,” encouraging people to report suspicious activities.
It also warned companies to be more aware of their responsibility for China’s overall data security, to improve data protection classification and categorization, and to reduce the risk of data leaks and illegal transmission overseas. Extra precautions — such as obtaining individual consent and conducting a personal information protection impact assessment — should be taken if the data contains personal information, it said.
Since 2021, China has been tightening its data regulations through a series of measures regulating the security assessment of international data transfers, implementing mandatory government reviews for most such commercial transfers.
Via News Agency
Source: https://www.ocafezinho.com/2024/09/02/chineses-sao-presos-por-fornecer-dados-ferroviarios-ao-exterior/