Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says


The Zhejiang Communications Administration said last month that Alibaba disclosed user information without consent following a complaint about the 2019 incident. Alibaba Cloud said it has already taken corrective measures but did not provide details. — SCMP

The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019 information leak.

In a letter dated July 5, the Zhejiang Communications Administration (ZCA) said it found Alibaba Cloud “disclosed user registration information to a third-party partner without consent, which violated the Cybersecurity Law”. The letter was issued after the bureau received and processed a complaint against China’s largest cloud service provider.

The authority did not identify the source of the complaint or when it was filed.

The ZCA has not published the letter publicly, but its contents were reported by local Chinese media this week, including the newspaper 21st Century Business Herald. The bureau has confirmed the authenticity of the letter.

Alibaba Cloud said in a statement that the incident took place during the Nov 11 Singles’ Day shopping festival in 2019, when “a telemarketing employee violated company discipline, privately obtained client contact information and leaked it to a distributor’s staff member”. Alibaba, the owner of the South China Morning Post, said it discovered the issue during an internal probe.

“The company strictly prohibits employees from disclosing user registration information to third parties. The company has seriously handled the case in accordance with company rules, taken active rectification measures as requested by the ZCA and corrected the shortcomings of personnel management,” Alibaba said, without offering further details.

The case has been made public amid increasing scrutiny in China of Big Tech companies’ data-handling practices. China’s Personal Information Protection Law, which goes into effect in November, and China’s Data Security Law, set to go into effect next month, have introduced stricter legal requirements on data service providers in the country.

Under the Cybersecurity Law, which has been in effect since June 2017, an order to take corrective measures is the lightest penalty for infringing on rules protecting user data. According to the law, the regulator is authorised to issue a fine of up to 1mil yuan (RM651,519) and to fine responsible individuals up to 100,000 yuan (RM65,151).

For serious violations, the regulator can levy heavier punishments, including suspending or revoking a business license.

Alibaba Cloud, which controls 40% of China’s public cloud market, has been accused of infringing on client rights before.

Ipip.net, a geographic location database company, complained that the cloud provider copied some of its product data. The two later settled and issued a joint statement in late July that said some Alibaba Cloud staff had violated corporate norms for product development. Alibaba said it would punish the employees involved and prevent similar incidents in the future. – South China Morning Post

Article type: free
User access status:
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Data privacy

   

Next In Tech News

Meta pauses new users from joining analytics tool CrowdTangle
'God of War' is glorious on PC
SG woman lost S$17,000 she had saved for her wedding to a job scam
Vienna museum selling NFTs of Klimt's 'Kiss' for Valentine's Day
Salvadorans show support for bitcoin despite IMF criticism
Slow down before you snap: The benefits of analogue photography
U.S. appeals court will not block California net neutrality law
French court upholds 100 million euro fine against Google for breaches linked to cookie policy
French justice ministry hit by cyberattack, investigation ongoing - AFP
Valereum buys Gibraltar Stock Exchange to create crypto hub

Others Also Read


Vouchers