Personal information leakage on the rise in China: report

A total of 6.05 billion pieces of personal information were leaked in 2016, up 9.4 percent from 2015, according to a recent report issued by leading Chinese internet security company Qihoo 360.

The report warned that an average of 16.9 million pieces of information were leaked from the 359 internet loopholes detected by Qihoo 360's security monitoring website Butian. The figure had nearly tripled since 2015.

The report was made public at a conference titled “Hack for Security” on March 30 in Shenzhen, which was organized by Qihoo 360.

"China has about 700 to 800 million netizens. With such a high exposure rate, it's almost like everyone is running around naked. Individuals are barely capable of protecting themselves from personal information leakage. They are also unable to prevent the leakage from happening," Pei Zhiyong, chief researcher for China's first anti-fraud platform 110.360.cn, told reporters on the sidelines of the conference.

Personal information leakage does little harm to websites themselves, which makes websites less willing to respond to the problem, Pei explained.

Ling Yun, chief information security officer at China’s leading online travel agency Ctrip, revealed that his company encrypts all personal information saved on the website, from passport numbers to home addresses, so as to minimize the possibility of a large-scale personal information leak if an attack should occur.

“Few Chinese companies would do this, but we, as a travel agency, have more information to worry about,” he told reporters at the conference.

In December 2016, China’s Ministry of Public Security announced that the number of annual personal information leak cases was over 1,800, concerning more than 30 billion pieces of information, the Xinhua News Agency reported.

A large proportion of the leaks were caused by hackers taking advantage of loopholes on websites, and some may have been conducted by "mole hackers" working within companies, Pei noted.

Earlier in March, an internet engineer with e-commerce site JD.com was discovered to be involved in a hacker gang that stole some 5 billion pieces of personal information, including bank and social security accounts, Beijing Youth Daily reported.

Qi Xiangdong, president of Qihoo 360, pointed out during a group interview with reporters at the conference that internet and IT companies should rely on professional, third-party companies to oversee their cyber-security operations.

“It is a common practice in the West. Few Chinese companies have purchased such services in the past, but we are delighted to see there is a rising trend,” Qi said.

Specifically, the Qihoo 360 report said that 96.1 percent of detected loopholes were of severe vulnerability, while 0.3 percent were of low vulnerability. Some 58 percent of the leaked information contained personal ID numbers, and 62 percent contained internet users' browsing histories.

Fortunately, over 90 percent of the severe loopholes detected on government websites were fixed in a timely manner. Government websites are the fastest to respond to these vulnerabilities, followed by the websites of financial institutions.